General

  • Target

    4f6458af1ce151efa023e9ad0580b5528c39114057d30d46b4427cb5185786e9.r00

  • Size

    668KB

  • Sample

    240913-h6d74s1frh

  • MD5

    544cd64a7725187da521b11766442ef7

  • SHA1

    11c8e68b4e75fbc1e213846d7592d69c0959e7c8

  • SHA256

    4f6458af1ce151efa023e9ad0580b5528c39114057d30d46b4427cb5185786e9

  • SHA512

    57deb1d51d0e83cf81d63a28565878574d0170ccf2f5da24bca9323895ac2cb2e8ba854b9253916429b4d9b3e2b931bd40efd2cf860951e3c391cc3da43d01a1

  • SSDEEP

    12288:SwKcL+zXtlON1MS6eW/Wx1KOiIhbmC6ZolkN6wABuXeFgZ5w9jgli2Kv8hHFq+S0:SM6zdlOds/C1WIVJ8oSABuOF85w9cliW

Malware Config

Targets

    • Target

      YMLUI275163148 - BL.exe

    • Size

      1.1MB

    • MD5

      efeb57a449ccc8158f1c4ae374b62959

    • SHA1

      d097f10d18f72a86ad3406311163606d5668b520

    • SHA256

      79951afadbd96fb9b16f3d4fe5564e83cca60628082262752d243f0c30d145e2

    • SHA512

      060341f86969d0bf7461925f9d937b780b480ab784daadafa9788b4d75d57ac44bee990ed282b3bac66cbeb4663f4c09619138186553c3704d625f2f3634d7c9

    • SSDEEP

      24576:U4lavt0LkLL9IMixoEgeaVrgVTlY03AroJUEGq9MmCS:jkwkn9IMHeaV8TmzroYaPCS

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks