General

  • Target

    21102024_1616_21102024_IMP1573.tar

  • Size

    898KB

  • Sample

    241021-tq8ybsyeme

  • MD5

    cd0dc0866418282b5d752426070e9e54

  • SHA1

    2a36d38e17c342e9dfa2416b3f83f1c4a006d497

  • SHA256

    dc3e57f15f9b5b344fd377a6c9bb48f1b8be1c6ea8f19927a3f11b1acfe91f05

  • SHA512

    6469bfaefa9014e6edd8d581d6213fa02d15506086318fa209dc8e489237dc247ec25f865884a6b17de40a4a6501240a28e58379f2f2e7a6bfcdabcb3b28aae5

  • SSDEEP

    24576:SQE7NFqah7SWDEEqMPr5Q8ZPLHxcNiVkOApkt:kNFFeWT9tdBkOH

Malware Config

Targets

    • Target

      IMP1573.exe

    • Size

      1.2MB

    • MD5

      694e2741ef8bcff53daebbd952eca657

    • SHA1

      84941bfd773a8b90c7964146cc190183bd3f05cd

    • SHA256

      d46af2ac469d8dbf11b13e79c6a2090471d4a81aa3f950ace8c94c3999fbfe97

    • SHA512

      86c631ede94a65903b6a6ec540b9608cb7d33a6a87fb6415d27109e5a822fef3610121d5b347d1384519e062a2895f9b95aa86b29ed3fcd6ed0af99793ad7911

    • SSDEEP

      24576:ffmMv6Ckr7Mny5QLd7pyQxoXp5+8pXlDwBYCSVSDLra/9:f3v+7/5QLVpvxEX10BYPS3ra/9

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks