General

  • Target

    39b12628d654ed8688210e5a1d73b37aa2d1807ecafce9cdbfc8f8e4eee6a277

  • Size

    759KB

  • Sample

    240913-k4hhvsvgqm

  • MD5

    ffa2bc436353b4c2d5cb71e6f82ceb99

  • SHA1

    93e6f60339ef77e6db850541f0b0fbba858f0df0

  • SHA256

    39b12628d654ed8688210e5a1d73b37aa2d1807ecafce9cdbfc8f8e4eee6a277

  • SHA512

    8c22e7b8bd0039d1022d6d37a659e3eafa4c1a5cc168961828b00a51961299842718e76db6cad3efedc865a4990463ad79bd99548ee3a0ee7e85db1b20b3226f

  • SSDEEP

    12288:y/qqYClilAXG4chRgTm9a1Rwoq8DJ1zEcXjgJVrlP/ubuVSwj3F6oAopspA0hnwX:OqFyG4+gTtPwHwJ1T8Fp/yerDpsrhnt4

Malware Config

Targets

    • Target

      34686435161bf43bd4c33df68a733b72ac73c24e5cd1d8fa473a7f55c373ab70.exe

    • Size

      1.2MB

    • MD5

      7133ab55e31ea1b16b141a561d5c3b27

    • SHA1

      f08bf25e27b467460a5fecfa421c0555d4c88616

    • SHA256

      34686435161bf43bd4c33df68a733b72ac73c24e5cd1d8fa473a7f55c373ab70

    • SHA512

      7d54f51c80f3e3ab3a1b86176d22c49241bfa0bd24b2ec81c38ad193c4491cd46dc55aedf410c5ce5b69fc634fb92966ac6dda4353dda146ac43f9072bcb9697

    • SSDEEP

      24576:C4lavt0LkLL9IMixoEgea6RyGw86lPCEYq9MmCS:1kwkn9IMHea6RRw8u69aPCS

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks