General

  • Target

    59eea35b69fe8aab60f9a005e421215d2d31221421de968b68db0dde53c6b5e1

  • Size

    1006KB

  • Sample

    240917-kkzysstgpj

  • MD5

    d58f21849ad6ffc939843640713f7fa3

  • SHA1

    02593852f35a1481f2646efca7e1f9f4bcbbe36a

  • SHA256

    59eea35b69fe8aab60f9a005e421215d2d31221421de968b68db0dde53c6b5e1

  • SHA512

    59bf0d999ad014091ba2f5ec689120ff9a3222c4b417ed47ebdf3c728fb2da0f58a6f85c18742c728ab1bd5b25ef8263a49b82ee3ac3296ce260e15a40211e1d

  • SSDEEP

    24576:azD7C0gmTw99KsSuifKJEUzCXYGZuiqhy08ve:6D7fgOduwMwXYGZuRhp8ve

Malware Config

Targets

    • Target

      Estado de cuenta.pdf.exe

    • Size

      1.3MB

    • MD5

      92fe200abe5cd92b7766757b6d9fff86

    • SHA1

      29837c6390325443c30227df4fbe3f28618dff77

    • SHA256

      58672267ca553d53165e5f5318bf7c492d5378730a0857547543e8efe42c110e

    • SHA512

      05355588a91e64b5833ea92c8cdd5845e42a45dd3cebc506dfc793b6e4b7b5078628835720c9af8527f8308c383c0aa46b7129a35ebfa1f12bf14f4691f25800

    • SSDEEP

      24576:uRmJkcoQricOIQxiZY1iaCKY9/wsSku5KHAUzkNYG9uiyVEs4bF:7JZoQrbTFZY1iaCcdkwcyNYG9uTVp4bF

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks