General

  • Target

    Payment advice.zip

  • Size

    641KB

  • Sample

    240619-t9darsterg

  • MD5

    5db5c0b4ca9ffa2981205de4759e3b70

  • SHA1

    9558925d908baab2d45da4041b9f6b091c298e74

  • SHA256

    1d00264b48bf41e3198e2475e84d1be872dadccfd0a24185064d1c241081e961

  • SHA512

    06bbe3d4ad956275ee887548ab2089d19d322499ec91213d9ccbaf89505c68019ddc010008c81bc2905299fd9575c700c5643e7b15d40c5a98fd669706bec5c5

  • SSDEEP

    12288:h1N9zV5DPwx/UAN1eo7IDzhNl1fFvLRusYVzhe/1zPtpEtHGAVO:bHDPwWAPSpNvFvLoc/1DjEtGb

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      Payment advice.exe

    • Size

      1.0MB

    • MD5

      f1f023410d036b2cb9c5560771cdac95

    • SHA1

      33983202139b55b2f268387ac6fbec0e2a63511c

    • SHA256

      027fd05dc4bc7e4fd4127b9490198faf1ddfe250c8a5bb74de64df2d7d021cfb

    • SHA512

      0ec9400829b872ea9e0744b770c5511fe8ea8c186a27fa7f9cd15b6a896ee0a9355a35fd5fdbe8438d737e36777b8fe99ff603dac6d7870d2522306de76f022c

    • SSDEEP

      24576:8AHnh+eWsN3skA4RV1Hom2KXMmHamol2x1JjmHtTy5:bh+ZkldoPK8YamP1QE

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks