General

  • Target

    5b67517eeb4645cca083400b697cd515c558dc0e3be693ab9ff51ba5ba15f683

  • Size

    1.1MB

  • Sample

    240629-by33ya1cnn

  • MD5

    ba07b251e27f448a957f762710cc33f9

  • SHA1

    744bd78be714cd94cdc1dcca33ab9fef3e4c65ad

  • SHA256

    5b67517eeb4645cca083400b697cd515c558dc0e3be693ab9ff51ba5ba15f683

  • SHA512

    1a168931433477da0ea2090e6f1d4e2df975e50bbd96f55629a8ce0d15d598361b4e4a80efb52b4cbec829ab2ee77183668708fa2603cb41779677119c9f6a5b

  • SSDEEP

    24576:1AHnh+eWsN3skA4RV1Hom2KXMmHaFi55yutCCbStR0RWXPYJ51Kg5:kh+ZkldoPK8YaFEykCCbStRfX051p

Malware Config

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks