General

  • Target

    Официално писмо № 0280_08_09-10-2024г docx.z

  • Size

    944KB

  • Sample

    240916-wafmys1djl

  • MD5

    a669105ab713b5a14a30857a469539ae

  • SHA1

    bcbe6be9d99761a3f8fce73df4dafde85cc6c711

  • SHA256

    632d21f1992f8a51989c1127f0aec2cfab45dc4c8576155a2fce35ce554e6667

  • SHA512

    66125a6af1432646193be3e1cc011bf76c5dc3ecfd6aba9f45de8b6aaa577e1095353997164b9c0283e4bb8014418f7043544ea155e8e39697da851eed621002

  • SSDEEP

    24576:DWP703QkJD5BqcrA2VEdWikOAYj+Te9y2:z3QkEcrADWjOAPe9r
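The hashes above (and those of the executable listed under Targets) are the report's only static indicators. The following script is an added example, not part of the sandbox report, for checking a file on hand against those hashes and for flagging the lure pattern this sample uses: a document-looking name that actually ends in an executable extension. The hash values are copied from the report; the helper names, the extension lists and the streaming-hash routine are assumptions of this example.

```python
"""Verify a file against the indicators in this report and flag double-extension lures.

Added example; not part of the sandbox report. The hash values are the ones
listed on the page; the function names and extension lists are assumptions.
"""
import hashlib

ALGS = ("md5", "sha1", "sha256", "sha512")

# Indicators copied from the report: the archive and the executable it contains.
IOCS = {
    "Официално писмо № 0280_08_09-10-2024г docx.z": {
        "md5": "a669105ab713b5a14a30857a469539ae",
        "sha1": "bcbe6be9d99761a3f8fce73df4dafde85cc6c711",
        "sha256": "632d21f1992f8a51989c1127f0aec2cfab45dc4c8576155a2fce35ce554e6667",
        "sha512": "66125a6af1432646193be3e1cc011bf76c5dc3ecfd6aba9f45de8b6aaa577e10"
                  "95353997164b9c0283e4bb8014418f7043544ea155e8e39697da851eed621002",
    },
    "Официално писмо № 0280_08_09-10-2024г.docx.exe": {
        "md5": "e0d57a92476711a3438a44fa205e1720",
        "sha1": "a1669d33a5b53f9c501c01ec2bc7e155a6964a38",
        "sha256": "696a1a956d00c895f0716efdec49515d65deae2edd12cad87c13c29f31fbd360",
        "sha512": "7f6173a7d61dc797fc63456240b26daca47580ca901e3af901926fe293ab703c"
                  "83b1c1f7fb5e47378d42d3443524db13707283018699e76e1dd5de2aae1a80e9",
    },
}

# Assumed lists for the lure heuristic (not from the report).
DOC_EXTS = {"doc", "docx", "pdf", "xls", "xlsx", "rtf", "txt"}
EXEC_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs"}


def digest_bytes(data: bytes) -> dict:
    """Hash an in-memory blob with every algorithm the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGS}


def digest_file(path: str, chunk: int = 1 << 20) -> dict:
    """Stream a file through all four hashers at once (large samples stay cheap)."""
    hashers = {alg: hashlib.new(alg) for alg in ALGS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def match_iocs(digests: dict) -> list:
    """Return the report sample names whose listed hashes match any supplied digest.

    A single algorithm match is enough: the report's values all describe one file.
    """
    return [name for name, known in IOCS.items()
            if any(digests.get(alg) == value for alg, value in known.items())]


def is_double_extension_lure(filename: str) -> bool:
    """True for names like 'letter.docx.exe': a document extension masking an executable."""
    parts = filename.lower().rsplit(".", 2)
    return len(parts) == 3 and parts[1] in DOC_EXTS and parts[2] in EXEC_EXTS


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        hits = match_iocs(digest_file(path))
        lure = is_double_extension_lure(path.rsplit("/", 1)[-1])
        print(f"{path}: matches={hits or 'none'} double_extension_lure={lure}")
```

Run it as `python check.py <file>`; the lure check is intentionally independent of the hash match so that a repacked variant with a new hash still trips the filename heuristic.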

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      Официално писмо № 0280_08_09-10-2024г.docx.exe

    • Size

      1.2MB

    • MD5

      e0d57a92476711a3438a44fa205e1720

    • SHA1

      a1669d33a5b53f9c501c01ec2bc7e155a6964a38

    • SHA256

      696a1a956d00c895f0716efdec49515d65deae2edd12cad87c13c29f31fbd360

    • SHA512

      7f6173a7d61dc797fc63456240b26daca47580ca901e3af901926fe293ab703c83b1c1f7fb5e47378d42d3443524db13707283018699e76e1dd5de2aae1a80e9

    • SSDEEP

      24576:I3c92psKAq6ITV5vGbao8LSEI28uUESJVufn/VtvVE:I3cYaKd6EGbrs4ySQ

    • AgentTesla

      Agent Tesla is a .NET-based information stealer and remote access tool (RAT), originally written in Visual Basic .NET; it harvests credentials and keystrokes from the infected host, which is consistent with the credential data the config extractor recovered from this sample.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser's credential store (ATT&CK T1555.003).

    • Looks up external IP address via web service

      Queries a legitimate public IP-lookup web service to learn the infected host's external IP address; the request to such a service is a usable network indicator even though the service itself is benign.

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on a thread of another (typically suspended) process redirects that thread's execution to injected code; it is the hallmark step of process hollowing (ATT&CK T1055.012).
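The three behavioural signatures above (browser credential store access, external IP lookup, SetThreadContext on another process) can be matched from an API trace. The detector below is an added example, not part of the sandbox report or of Agent Tesla; the `pid|api|args` trace format, the trace lines themselves, the process names and the watchlists of IP-lookup hosts and browser credential files are all constructed for this illustration and do not come from the report.

```python
"""Match the report's three behavioural signatures against an API trace.

Added example, not part of the sandbox report. The trace format, the sample
lines, the process image names and the watchlists are assumptions for
illustration; real telemetry (Sysmon, ETW, an EDR API trace) needs its own adapter.
"""
import re
from collections import defaultdict

CREATE_SUSPENDED = 0x00000004  # CreateProcess creation flag

# Assumed watchlists (illustrative, not from the report).
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "ipinfo.io",
                   "icanhazip.com", "ip-api.com"}
BROWSER_CRED_FILES = ("\\Login Data", "\\logins.json")      # Chromium, Firefox
BROWSER_IMAGES = {"chrome.exe", "msedge.exe", "firefox.exe"}
HOLLOWING_APIS = {"WriteProcessMemory", "SetThreadContext", "ResumeThread"}

# Constructed trace in an assumed "pid|api|args..." format; pids and paths are made up.
TRACE = """\
4120|CreateProcessW|C:\\host\\child.exe|flags=0x4|new_pid=5204
4120|NtUnmapViewOfSection|pid=5204
4120|WriteProcessMemory|pid=5204|addr=0x400000
4120|SetThreadContext|pid=5204|tid=5208
4120|ResumeThread|pid=5204|tid=5208
5204|CreateFileW|C:\\Users\\victim\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data|GENERIC_READ
5204|HttpSendRequestW|GET http://api.ipify.org/
3012|CreateFileW|C:\\Users\\victim\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data|GENERIC_READ
"""
# Constructed pid -> image name map (a real trace carries this itself).
IMAGE_OF = {4120: "loader.exe", 5204: "child.exe", 3012: "chrome.exe"}


def parse(trace: str):
    """Yield (pid, api, args) tuples from the assumed pipe-separated format."""
    for line in trace.splitlines():
        if not line.strip():
            continue
        pid, api, *args = line.split("|")
        yield int(pid), api, args


def detect(trace: str, image_of: dict) -> list:
    """Return sorted (pid, signature) hits for the three behaviours."""
    hits = set()
    suspended = {}              # child pid -> creating (parent) pid
    touched = defaultdict(set)  # (parent, child) -> injection APIs seen
    for pid, api, args in parse(trace):
        kv = dict(a.split("=", 1) for a in args if "=" in a)
        if api == "CreateProcessW" and int(kv.get("flags", "0"), 16) & CREATE_SUSPENDED:
            suspended[int(kv["new_pid"])] = pid
        elif api in HOLLOWING_APIS | {"NtUnmapViewOfSection"}:
            child = int(kv.get("pid", -1))
            if suspended.get(child) == pid:   # only count the creator touching its own suspended child
                touched[(pid, child)].add(api)
        elif api == "CreateFileW":
            path = args[0]
            if path.endswith(BROWSER_CRED_FILES) and image_of.get(pid, "").lower() not in BROWSER_IMAGES:
                hits.add((pid, "Credentials from Web Browsers (T1555.003)"))
        elif api in ("HttpSendRequestW", "WinHttpSendRequest", "InternetOpenUrlW"):
            m = re.search(r"https?://([^/\s]+)", args[0])
            if m and m.group(1).lower() in IP_LOOKUP_HOSTS:
                hits.add((pid, "External IP lookup via web service"))
    # SetThreadContext alone is noisy (debuggers, some runtimes); require the full
    # write-then-redirect-then-resume sequence on a suspended child.
    for (parent, child), apis in touched.items():
        if HOLLOWING_APIS <= apis:
            hits.add((parent, f"Suspicious SetThreadContext on suspended child {child} (process hollowing, T1055.012)"))
    return sorted(hits)


if __name__ == "__main__":
    for pid, sig in detect(TRACE, IMAGE_OF):
        print(f"pid {pid}: {sig}")
```

The browser check is keyed on the accessing process's image name rather than on the file alone, so the legitimate `chrome.exe` read in the constructed trace is not reported while the hollowed child's read is; adjust `BROWSER_IMAGES` to the browsers actually deployed before using this in earnest.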

MITRE ATT&CK Enterprise v15

Tasks