General

  • Target

    Penis (2).zip

  • Size

    31.3MB

  • Sample

    240705-x82thswfrh

  • MD5

    f001e0de13d55c9a6d77065ffc000702

  • SHA1

    f604c9b76870c9a5face2e6d02eb084ff0e3ba45

  • SHA256

    42b0a525bbffc7d06c5aa9ff806f7537364aaf1c26e22ded33152336b3ad2354

  • SHA512

    430ffc2e4a2aefbd4936fe03eb974a118992c8b4a4e9b5d02e1492d784bac1d0ec4b76a3a366a4c80cfeb42efe2bd082021eea27865299a577e3d8350261772b

  • SSDEEP

    786432:LKUX23QgeyH86duGAzcsV/gU9eKYZa8uzFvXCif1+uquOje76HU3QmMzS/B0:HX23Qghr9AISgU9iU8+FSkM+6UAmMO6

Malware Config

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla payload

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v13)

  • Discovery

    • Query Registry (T1012): 1

    • System Information Discovery (T1082): 1

Tasks