General
Target: c4d29c2d92fb2ef23e03834d03435164d51fd53ad4018d6e2b61664c212d8a72
Size: 558KB
Sample: 241111-qcxrcssrak
MD5: ee85dd725f312a55c9d751b6b99355fe
SHA1: f95379bb041cab6dc92315fb6996892b79ca580d
SHA256: c4d29c2d92fb2ef23e03834d03435164d51fd53ad4018d6e2b61664c212d8a72
SHA512: f3357231d0adc90a4420f09be43c07272af088e87957f6477dc1a5da71a909a00f633e829b1fe3d9e0dffc502f505a01a0582dce8ae5086542c756f86372085f
SSDEEP: 12288:+2KDbnIHoQtjAV8/daHG3rgTAgwAa5YpRMH8OM+VzVCxiCqh82oP+:5KDDIHo0MIIHGce5YLw8OM+VQxzqq2Z
Static task: static1
Behavioral task: behavioral1
Sample: Revised invoice docx.exe
Resource: win7-20241010-en
Behavioral task: behavioral2
Sample: Revised invoice docx.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted family: agenttesla
C2 URL: https://api.telegram.org/bot6150028123:AAEEd2A6XOEJtW6RYKc7tExhq48wfha9Eug/
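The extracted configuration is the sample's exfiltration endpoint: a Telegram Bot API base URL whose path carries the bot's numeric id and its secret token, to which the client appends a method name (Agent Tesla typically uploads its stolen-data file with sendDocument). As an added example that is not part of this report, the Python below parses that URL and then scans proxy log lines for any Telegram bot-token URL, flagging requests to this sample's bot id. The log lines, client addresses and the second bot id in them are constructed for the example.

```python
"""
Added example, not part of the Triage report: turning the extracted Agent Tesla
Telegram C2 URL into network detection logic.

Telegram Bot API URLs have the form https://api.telegram.org/bot<bot_id>:<token>/
followed by a method name. The proxy log lines below are constructed.
"""
import re
from urllib.parse import urlparse

# Config value extracted by the sandbox (from the report above).
C2_URL = "https://api.telegram.org/bot6150028123:AAEEd2A6XOEJtW6RYKc7tExhq48wfha9Eug/"

# Bot API URL anywhere in a log line: numeric bot id, ':', token, optional method.
BOT_API_RE = re.compile(r"api\.telegram\.org/bot(\d+):([A-Za-z0-9_-]+)(?:/(\w+))?")


def parse_bot_c2(url):
    """Return (bot_id, token) for a Telegram Bot API C2 URL, or None if it is not one."""
    u = urlparse(url)
    if u.hostname != "api.telegram.org":
        return None
    m = re.match(r"^/bot(\d+):([A-Za-z0-9_-]+)/?$", u.path)
    return (m.group(1), m.group(2)) if m else None


# Constructed proxy log: timestamp, client IP, HTTP method, URL, status.
SAMPLE_PROXY_LOG = [
    "2024-11-11T10:02:13Z 10.0.0.25 POST https://api.telegram.org/bot6150028123:AAEEd2A6XOEJtW6RYKc7tExhq48wfha9Eug/sendDocument 200",
    "2024-11-11T10:02:15Z 10.0.0.25 GET https://www.microsoft.com/ 200",
    "2024-11-11T10:03:01Z 10.0.0.40 POST https://api.telegram.org/bot123456789:AAEotherTokenNotFromThisSample_abcdefghij/sendMessage 200",
]


def scan_proxy_log(lines, known_bot_ids=()):
    """
    Return one hit per request to a Telegram bot endpoint.

    Any bot-token URL leaving a host that has no business driving Telegram bots
    deserves a look; a bot id in known_bot_ids ties the traffic to a specific sample.
    """
    hits = []
    for n, line in enumerate(lines, 1):
        m = BOT_API_RE.search(line)
        if m:
            hits.append({
                "line": n,
                "client": line.split()[1],
                "bot_id": m.group(1),
                "method": m.group(3),
                "known_sample": m.group(1) in known_bot_ids,
            })
    return hits


if __name__ == "__main__":
    bot_id, _token = parse_bot_c2(C2_URL)
    for hit in scan_proxy_log(SAMPLE_PROXY_LOG, known_bot_ids={bot_id}):
        print(hit)
```

Matching on the bot id rather than the full token is deliberate: revoking a token in BotFather changes the secret but not the id, so the id survives attacker rotation. The token itself is the attacker's credential to that bot; it is evidence to record and report, not something to exercise against the API.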
Targets
Target: Revised invoice docx.bat
Size: 612KB
MD5: 5dbe3d0e995ac9d225993107aace7046
SHA1: 377e1ba2a5ae63a3db08f598157fd58c838d9633
SHA256: 447b2429c32e19fcded78461c6ef71c306db970371c6c1c8674e17448dec1c80
SHA512: 89346389ad2d6d0169975d1f9db6185ec7bf3986ca490fb2641da495b8c6b1525f45a378d7377f101a0586200e6332c23986b5d9745592c1c3ea471c9d98aa71
SSDEEP: 12288:mojc0LA8PMvnIHEQXjch8NHEOxM0HFIH8Ok+VfVyxiuhWnRj5y+8Lyse0:tA8IIHEEI6zxM0lk8Ok+VExH6RVx
-
AgentTesla
Agent Tesla is a .NET-based information stealer and remote access tool (RAT), originally written in Visual Basic .NET. It harvests saved credentials from browsers, mail clients and other applications and exfiltrates them over SMTP, FTP, HTTP or, as in this sample, the Telegram Bot API.
-
Agenttesla family
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths and processes (the Add-MpPreference cmdlet is the usual way this is done) so that the dropped payload and its working directory are never scanned.
-
Checks computer location settings
Looks up the country code configured in the registry, most likely as a geofence so the sample can refuse to run in particular regions.
-
Accesses Microsoft Outlook profiles
Reads Outlook profile settings to recover stored mail account credentials.
-
Looks up external IP address via web service
Queries a legitimate public IP lookup service to learn the infected system's external IP address, which the stealer includes in the report it exfiltrates.
-
Suspicious use of SetThreadContext
Calling SetThreadContext on another process's thread is the classic final step of process hollowing: the loader starts a legitimate process suspended, overwrites its image and then points the main thread at the injected code.
-
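Of the behaviours listed above, the Defender tampering is the one a blue team can turn into a high-fidelity detection from ordinary PowerShell telemetry. The Python below is an added example, not part of this report or of the sample: it runs that detection over constructed script-block (Event ID 4104) text and command lines, decoding -EncodedCommand payloads first and resolving PowerShell's abbreviated parameter names, since both are routinely used to dodge literal string matches. Every record, path and process name in it is made up for the example.

```python
"""
Added example, not part of the Triage report or of the sample: detecting the
Windows Defender exclusion tampering described above in PowerShell telemetry.

Inputs are modelled on Event ID 4104 script-block text and on process command
lines; every record, path and process name below is constructed.
"""
import base64
import re

# Add-MpPreference parameters that add exclusions. PowerShell accepts any
# unambiguous prefix (-ExclusionExt, -ExclusionProc), so names are resolved,
# not matched literally.
CANONICAL = ("ExclusionPath", "ExclusionExtension", "ExclusionProcess")

# powershell.exe -EncodedCommand and its accepted abbreviations (-e, -ec, -enc, ...).
_ENC_FLAGS = ["encodedcommand"[:i] for i in range(len("encodedcommand"), 0, -1)] + ["ec"]
ENCODED_RE = re.compile(r"(?<!\S)-(?:" + "|".join(_ENC_FLAGS) + r")\s+([A-Za-z0-9+/=]+)",
                        re.IGNORECASE)


def expand_encoded(text):
    """Replace each -EncodedCommand payload with the UTF-16LE script it encodes."""
    def decode(m):
        try:
            return base64.b64decode(m.group(1)).decode("utf-16-le")
        except (ValueError, UnicodeDecodeError):
            return m.group(0)  # not valid base64/UTF-16LE: leave the text as is
    return ENCODED_RE.sub(decode, text)


def resolve_param(name):
    """Map a possibly abbreviated parameter name to its canonical exclusion parameter."""
    matches = [c for c in CANONICAL if c.lower().startswith(name.lower())]
    return matches[0] if len(matches) == 1 else None  # None: unrelated or ambiguous


def find_defender_exclusions(record):
    """Return [(parameter, value), ...] for every exclusion Add-MpPreference would add."""
    record = expand_encoded(record)
    found = []
    # One Add-MpPreference invocation runs to the next ';', '|' or newline.
    for cmd in re.finditer(r"add-mppreference\b([^;\n|]*)", record, re.IGNORECASE):
        args = cmd.group(1)
        params = list(re.finditer(r"(?<!\S)-(\w+)", args))
        for i, p in enumerate(params):
            canonical = resolve_param(p.group(1))
            if canonical is None:
                continue
            end = params[i + 1].start() if i + 1 < len(params) else len(args)
            # Values are comma separated and may be quoted.
            for value in args[p.end():end].split(","):
                value = value.strip().strip("'\"")
                if value:
                    found.append((canonical, value))
    return found


# Constructed telemetry: 4104 script blocks and one encoded command line.
SAMPLE_EVENTS = [
    "Add-MpPreference -ExclusionPath 'C:\\Users\\Public', \"C:\\ProgramData\" "
    "-ExclusionExtension exe -ExclusionProcess 'Revised invoice docx.exe'",
    "Add-MpPreference -ExclusionExt .exe -Force",
    "powershell.exe -nop -w hidden -enc "
    + base64.b64encode("Add-MpPreference -ExclusionPath $env:APPDATA".encode("utf-16-le")).decode(),
    "Get-MpPreference | Select-Object ExclusionPath",  # benign query, must not fire
]


def scan_events(events):
    """Return {event_index: exclusions} for every event that adds a Defender exclusion."""
    results = {}
    for i, event in enumerate(events):
        exclusions = find_defender_exclusions(event)
        if exclusions:
            results[i] = exclusions
    return results


if __name__ == "__main__":
    for idx, exclusions in scan_events(SAMPLE_EVENTS).items():
        print(f"event {idx}: {exclusions}")
```

The benign Get-MpPreference query in the sample set is there on purpose: a rule that keys on "MpPreference" or "ExclusionPath" alone will page on every administrator audit, while a rule that keys only on the literal -ExclusionPath misses the abbreviated and encoded forms.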
MITRE ATT&CK Enterprise v15
Execution
  Command and Scripting Interpreter (1)
    PowerShell (1)
  Scheduled Task/Job (1)
    Scheduled Task (1)
Credential Access
  Credentials from Password Stores (1)
    Credentials from Web Browsers (1)
  Unsecured Credentials (4)
    Credentials In Files (3)
    Credentials in Registry (1)