General

  • Target

    Potwierdzenie zamówienia.doc.exe

  • Size

    980KB

  • Sample

    240625-km58lasfkq

  • MD5

    0467f16b8891b0099fa42bd814fcdb74

  • SHA1

    814610a42c6b96cd2cc06960e8611e76815f9194

  • SHA256

    0e063e3eebf7902a502fecbb863f3b63081bd444ce3bb2d7d50b03a515acb4a9

  • SHA512

    3ff0f6ef113b9f4025dacaa8976ec1faaf12d7cd056bab973ef47c4ef3df0c117a2e2b9bdc76093a2c915716e69487f78694e9552ef97c82411eaf350b2c721d

  • SSDEEP

    24576:k0m/x4xgF9hmDGvCEcXWZ64mZPWM1H2f:k0PgBZI7hWMF2f

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      Potwierdzenie zamówienia.doc.exe

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks