General

  • Target

    Flexer PC.rar

  • Size

    19.9MB

  • Sample

    240625-qdv9xsvckp

  • MD5

    748614b1d3706a3eaf305e53b2189da2

  • SHA1

    f8e9fe300cf9713bf0f0884a6924c99604a1b586

  • SHA256

    9854e553e9c580cfa3ab600fced7ce8eee35b798f2d739c40414bc40297f1615

  • SHA512

    27db94fca6f82d6061808a5cda03cea69fb859aa56080a376e1074182af058a2fa9447fad4f8419f178f9aaa02a7029b30dcea052e2f2ab24f785650ec232228

  • SSDEEP

    393216:jaJXJILgZ0HbVF2q/egjsdAhLL9xjXguxf5CoevV6otTBJFj:jOXJtZir2wsdIbVhLc3Dj

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL
