General

  • Target: Letter Of Intent.rar

  • Size: 240KB

  • Sample: 240625-lnjlnavfqp

  • MD5: bf529c1fb7c64dc3cd75d706c0b515f7

  • SHA1: a0094daca07d914aefba8023dbd3f8963e91a104

  • SHA256: 464c93aae13245401f57dfd8bf43449304893003689ee140a3c4f272c147e4c3

  • SHA512: b125a5ab7f59ed19bc278fbc0f3d97ad6811e58efb7ab0fccc99a793876d2e68d46191022558cf74b9e861241e44a2edcb0354178a289cc77af22f4985c48b5a

  • SSDEEP: 6144:MxHwGa7Up1qZm9vTYuH9kTM1msmxIRq61H/iecblZ6:yO7Up1qZSvDKTMN6IRHH650

Malware Config

Extracted

Family: agenttesla

Credentials

Targets

    • Target: Letter Of Intent.vbe

    • Size: 1.2MB

    • MD5: 39eb2e490f0ee978f78ae64b4c83a058

    • SHA1: 66f9b5eaf2a5fda1d76f76c4aeaa40b0b5b56beb

    • SHA256: 78b7988aeae77efe1cf4f1bcf776911956f6668b3a8f74d35ae87219eab3b268

    • SHA512: 7f9c866ae003e4d80120ad949510c98fb5b74a5b0d7f81994130096c8efacb89e30d4a9308e4bb1baa5d801f257a4f3f648ed6e3b1b0fa148c7048549108d293

    • SSDEEP: 24576:srX9rJOHfhHtKdE6+WX2wcdgQtt4aCKIFMV+PANNLPM2H92W27PmM51YYuB9FwtA:p5Hr

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup web service to find the infected system's external IP address.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks