General

  • Target

    tmpajm4podi

  • Size

    357KB

  • Sample

    240917-pa2f4ascrl

  • MD5

    e666960adf20e0c7f2d8f7397709d9cb

  • SHA1

    4cc2c660110f35b5769439aa21f45504ad610446

  • SHA256

    4df1caa877eac11077fcdba5a4220b5868612f16c80d228ff3d04e8a11c3e309

  • SHA512

    5649ad82f409fecfcd406c851c3bb015e6640602de142d1404694a98008cfc06608060284dc03efa76261f093c646388393d16f2e2dbbd651384f5e59cec319c

  • SSDEEP

    6144:YDGgG5qUL1xmjPS7OVMKarRmXzLAqIXtQT4jwzRsObT0:SsyjBtzLadHQs

Malware Config

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15
