General

  • Target: 73d6645c5ef1d09778dbd071dcfeb129c44ba08448b6bb03018d3c99fff08c45
  • Size: 1.0MB
  • Sample: 240917-lp88pswflr
  • MD5: 1e880306ec36b5b7a50b813c43d6fbec
  • SHA1: 115c74916216be3c44e65eac2e337b81007bc006
  • SHA256: 73d6645c5ef1d09778dbd071dcfeb129c44ba08448b6bb03018d3c99fff08c45
  • SHA512: e29a8b70ac7a603f3bfc1a18368e31712d006fdb07409575fa9e02f2225c25f763e917034347de042e0cba8564549eef734ed0b96def670c9d17e8acc2ac60de
  • SSDEEP: 24576:kY7tC/D80olUcTaMAwtctTPIbaklxlZSrSfFRNGrXU1rXr:kYpi80olUcTaMAwL+2oOfFHGrs

Malware Config

Targets

    • Target: Product Data Specifications_PDF.exe
    • Size: 1.4MB
    • MD5: 6910f19b8cee8c88b17ca66e8d4db121
    • SHA1: 94d9f9921e3b49c78f1efad12d0ab935eb32565b
    • SHA256: d2b9665a5de1b1972bf4c24deb8678fbcaa6f3dae53b6cd33614f31859dc3f62
    • SHA512: 913ad116052a0b4b9e8b9dab3bed13be830e51d3964da0b5cdea30d87b8cabcc04c5b389b2f9b31958bf7014b463d8b8a6d4eedc6961a4875ff02aab1d086752
    • SSDEEP: 24576:/RmJkcoQricOIQxiZY1iajD7nanYWbcvXrCbaCf5lZErWV7PzGPXeLrRH:UJZoQrbTFZY1iajXanYW9+qm6V7LGPS

    • AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
    • Credentials from Password Stores: Credentials from Web Browsers: malicious access to, or copying of, a web browser credential store.
    • Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP address.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks