General

  • Target: Payslip_October_2024_pdf.exe
  • Size: 1.3MB
  • Sample: 241104-cqqcjsznay
  • MD5: 00d35f16da780121846ac5345e6fddd5
  • SHA1: dc1610ef8a4f55cccf4ebabd3517b9b5706ff262
  • SHA256: 30f53c188f4ca288bab139778eb5426ee3db92ddc779c8df149b501334dd8dbb
  • SHA512: 87c4f25ac6c9db33b933d3873fba2212751707da4f31b20cfaa67e6bd5b6fb8d3a3a938deed44e5bfed7219070a1f09d7fc24cd1ed63c41302ed90a49e7d9aac
  • SSDEEP: 24576:pAHnh+eWsN3skA4RV1Hom2KXFmIa89tlB5Rg0V7kZ5:wh+ZkldoPK1Xa8/j5RgyG

Malware Config

Extracted

Credentials

  • Protocol: ftp
  • Host: ftp.haliza.com.my
  • Port: 21
  • Username: [email protected]
  • Password: JesusChrist007$

Extracted

Family

agenttesla

Credentials

  • Protocol: ftp
  • Host: ftp://ftp.haliza.com.my
  • Port: 21
  • Username: [email protected]
  • Password: JesusChrist007$

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Agenttesla family

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks