General

  • Target

    Purchase Order -JJ023639-PDF.scr.exe

  • Size

    229KB

  • Sample

    240625-qqmtbasejd

  • MD5

    87d572872a9653415294d997f11f9093

  • SHA1

    243628af0df5fe961d63b009ce0935000dda369b

  • SHA256

    714ca45e591dc1a3f8d2485e9b0c02973e69102ca41a57adc705e88badb23ece

  • SHA512

    2c15cc9e60ca89a48b42f31e507c487e5ad0a5baefc9082f5c2ba07cff9cd2c75ac7996ecd2f873c9d65a25cf77114ab1308221f6023a3605d0f350d464f66fb

  • SSDEEP

    6144:XcE08tYLyZZEXrdm4Vz0Rpppppppppppppppppppppppppppppb:Xc9Xrdm4Vz0RpppppppppppppppppppX

Malware Config

Extracted

Family

agenttesla

Targets

    • Target

      Purchase Order -JJ023639-PDF.scr.exe

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext