General

  • Target

    25062024_0815_24062024_Proforma Invoice - 490235.img

  • Size

    1.2MB

  • Sample

    240625-j5wlfa1gnm

  • MD5

    4ca7d14dbd97d6c17416eb1617fd9eb6

  • SHA1

    3892dbdecfa030fb6dc18da0010fb042946403d6

  • SHA256

    4c1e5a6a0efd3bce4568f79f6894dbbe85cd37db499882989deefe69cccf08ff

  • SHA512

    a2728e3a4bfb38db894205c94ea558b1f9deaf36533a5df10569a7049fe948184367e2ac2c578e1c45ab9017cb77776f06b1eed4bbbeb1bbdfbce15713f9e4cb

  • SSDEEP

    6144:Um6jEb2V51LUVL6R9mCdy1wUZGUwCu5C+YlKygc+yj:KEW3LkL2a1LUFlyKi

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      Proforma Invoice - 490235.cmd

    • Size

      224KB

    • MD5

      52c11a6984ecbb6d95da898ce7166ae3

    • SHA1

      ca482e32af072f39b104cf8106cd962d494adc2a

    • SHA256

      d7d529d5e29131e1df6c41d725a6731b0d989f46089afa1beb340170efdbe47a

    • SHA512

      e80c985036b9362b23d58a2c3a73a455cde05ca87ec07b00e9e0dfeb8411fb4cf9337730cd5e67c7adcac0ee9d82ae2e63264ec00ba6bc3c8ac15ec611fa5b79

    • SSDEEP

      6144:w6jEb2V51LUVL6R9mCdy1wUZGUwCu5C+YlKygc+yjp:7EW3LkL2a1LUFlyKip

    • AgentTesla

      Agent Tesla is a remote access trojan (RAT) and credential stealer written in Visual Basic (.NET).

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with its console window hidden (the -WindowStyle Hidden switch or an abbreviated form such as -w hidden), so the script executes without any window the user would notice.

    • Looks up external IP address via web service

      Queries a legitimate public IP-lookup web service to learn the infected system's external IP address, which the stealer includes in the data it exfiltrates.
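The two behaviours flagged above (hidden-window PowerShell, external IP lookup) can be turned into a small correlation rule. The following is an added example, not part of the sandbox report and not Agent Tesla's own code: it runs over a handful of constructed Sysmon-style events (process creation and DNS query records) and rates a process "high" when both behaviours come from the same process. The process GUIDs, the E: drive letter for the mounted image, the indicator host list and the encoded payload are all constructed for the example.

```python
import base64
import re

# --- Indicator tables (constructed for this example; extend from your own telemetry) ---

# Public "what is my IP" services that stealers such as Agent Tesla query to
# stamp the victim's external address into the exfiltrated report.
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "ipinfo.io", "checkip.dyndns.org", "icanhazip.com",
    "ip-api.com", "ifconfig.me", "api.ip.sb", "ipecho.net", "myexternalip.com",
}
POWERSHELL_IMAGES = {"powershell.exe", "pwsh.exe"}


def _prefixes(word, min_len=1):
    """Regex alternation of every prefix of `word`, longest first.

    powershell.exe accepts any unambiguous prefix of a parameter name and of
    an enum value, so '-w h', '-win hidden' and '-WindowStyle Hidden' are all
    equivalent; matching the literal '-WindowStyle Hidden' misses most loaders.
    """
    return "|".join(re.escape(word[:i]) for i in range(len(word), min_len - 1, -1))


_SW = r"(?<![\w-])[-/]"  # parameter introducer, not preceded by a word char or another dash
HIDDEN_WINDOW_RE = re.compile(
    rf"(?i){_SW}(?:{_prefixes('windowstyle')})\s+(?:{_prefixes('hidden')})(?!\w)")
ENCODED_CMD_RE = re.compile(
    rf"(?i){_SW}(?:{_prefixes('encodedcommand')}|ec)\s+[A-Za-z0-9+/=]{{20,}}")
EXEC_POLICY_RE = re.compile(
    rf"(?i){_SW}(?:{_prefixes('executionpolicy', 2)}|ep)\s+"
    rf"(?:{_prefixes('bypass')}|{_prefixes('unrestricted')})(?!\w)")


def score_powershell(image, cmdline):
    """Reasons a single process-creation event looks like a hidden PowerShell loader."""
    if image.rsplit("\\", 1)[-1].lower() not in POWERSHELL_IMAGES:
        return []
    reasons = []
    if HIDDEN_WINDOW_RE.search(cmdline):
        reasons.append("powershell hidden window")
    if ENCODED_CMD_RE.search(cmdline):
        reasons.append("powershell encoded command")
    if EXEC_POLICY_RE.search(cmdline):
        reasons.append("execution policy bypass")
    return reasons


def is_ip_lookup_host(name):
    """True if a DNS query name is, or is under, a known IP-lookup service."""
    name = name.lower().rstrip(".")
    return any(name == h or name.endswith("." + h) for h in IP_LOOKUP_HOSTS)


def triage(events):
    """Correlate findings per process across Sysmon-style events.

    Returns {ProcessGuid: {"reasons": [...], "verdict": "low|medium|high"}}
    for every process with at least one finding.  A hidden PowerShell window
    plus an external IP lookup from the same process is the loader pattern
    described in the report, so that pairing is rated high.
    """
    per_process = {}
    for ev in events:
        reasons = []
        if ev["EventID"] == 1:  # process creation
            reasons = score_powershell(ev["Image"], ev["CommandLine"])
            if reasons and ev.get("ParentImage", "").lower().endswith("\\cmd.exe"):
                reasons.append("spawned by cmd.exe script launcher")
        elif ev["EventID"] == 22 and is_ip_lookup_host(ev["QueryName"]):  # DNS query
            reasons = [f"external IP lookup via {ev['QueryName']}"]
        if reasons:
            per_process.setdefault(ev["ProcessGuid"], []).extend(reasons)

    verdicts = {}
    for guid, reasons in per_process.items():
        hidden = any(r.startswith("powershell hidden") for r in reasons)
        lookup = any(r.startswith("external IP lookup") for r in reasons)
        verdict = "high" if hidden and lookup else "medium" if len(reasons) > 1 else "low"
        verdicts[guid] = {"reasons": reasons, "verdict": verdict}
    return verdicts


# Constructed sample telemetry (not from the sandbox run): the .cmd launched from
# a mounted image (drive letter E: is an assumption) spawns PowerShell, which
# queries an IP-lookup service; plus a benign PowerShell and a benign DNS query.
_ENCODED = base64.b64encode("IEX (New-Object Net.WebClient)".encode("utf-16le")).decode()
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
CMD = r"C:\Windows\System32\cmd.exe"
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessGuid": "{A1}", "Image": CMD, "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": rf'"{CMD}" /c "E:\Proforma Invoice - 490235.cmd"'},
    {"EventID": 1, "ProcessGuid": "{B2}", "Image": PS, "ParentImage": CMD,
     "CommandLine": f"powershell.exe -nop -w hidden -ep bypass -e {_ENCODED}"},
    {"EventID": 22, "ProcessGuid": "{B2}", "Image": PS, "QueryName": "api.ipify.org"},
    {"EventID": 1, "ProcessGuid": "{C3}", "Image": PS, "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": 'powershell.exe -NoProfile -Command "Get-Service"'},
    {"EventID": 22, "ProcessGuid": "{D4}", "Image": r"C:\Program Files\Google\Chrome\chrome.exe",
     "QueryName": "www.example.com"},
]

if __name__ == "__main__":
    for guid, finding in triage(SAMPLE_EVENTS).items():
        print(guid, finding["verdict"], "; ".join(finding["reasons"]))
```

The prefix-matching regexes are the part worth keeping: PowerShell's parameter and enum abbreviation means a rule that only looks for the spelled-out `-WindowStyle Hidden` is trivially evaded by `-w h`. The IP-lookup check matches on DNS query names so it also catches lookups made over TLS, where the URL is not visible to a proxy.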

MITRE ATT&CK Enterprise v15

Tasks