General

  • Target

    0687543976bc00a974e30049442afcd8dd2b0cbf3a3adc42e64ad98de307f1af

  • Size

    676KB

  • Sample

    241114-3x82cavhna

  • MD5

    2d2727ed12925424ea028504091cf2b1

  • SHA1

    d267018ff75453d38ab67e2bb3e6ec5b39fd6735

  • SHA256

    0687543976bc00a974e30049442afcd8dd2b0cbf3a3adc42e64ad98de307f1af

  • SHA512

    63cff6b76156bbdbcae27d3fd549f2505b36f31cd96fbc0148c324b90888b6ab6e5313357d5fc9165280afbb13c32f388a9136a3e370e2d6c1f2ddb19899aae4

  • SSDEEP

    12288:eIv9xv/jlr5JW4T6/wdfWKLC/xAc86N7ZQFP/mLFUzDtwdlNmRqreD/w:xv99jta4TWwYKLXc86N7iWizDtw744eU

Malware Config

Targets

    • Target

      DRAFT BL & MBL PO NO ECM1D2403-29.COM

    • Size

      708KB

    • MD5

      e8d3060734bdcba3bd69c4aad8859f80

    • SHA1

      04979e52970b4372e25de9055f3bf97f0ba5ec0f

    • SHA256

      2bcbc525587856ce9d9457b34fc90064e3a4fe77f241e16e8d4e22fde661dceb

    • SHA512

      377837b15eb3500ea5ea5c2cb1e69143ab5d5dccd15d55b6c565481d546e9e6f5b784869b62626585daa704ee6b565b884818fc9fa8c4f4c2096c0a3d573b9fa

    • SSDEEP

      12288:0sHzOUNUSB/o5LsI1uwajJ5yvv1l2IXnQZQFb/m5FUzDxidlNsRexeDNl9:XiUmSB/o5d1ubcv/XQia0zDxi7iIeDN7

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Agenttesla family

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks