General

  • Target

    0AD260C9687C8756716632F751DD869507BECCEEB5FFBB404EFF6D6E870ADAFE

  • Size

    1.1MB

  • Sample

    250103-jnabwaxnep

  • MD5

    13c33390a3907b89ab99447c7f10418f

  • SHA1

    c873b488f30399ce896607d39534cf6454b4872e

  • SHA256

    0ad260c9687c8756716632f751dd869507becceeb5ffbb404eff6d6e870adafe

  • SHA512

    37aa985597bbdf9ea2a7877a5af1447e285eab5aa3ae04134e5e99c99dee2357d1427649b2eb0d79eb7d0be5b9f5907c2e181f2dc7f1307fc46441a0e7a12609

  • SSDEEP

    24576:Stb20pkaCqT5TBWgNQ7aO/E46DTMcKeE56A:fVg5tQ7aOsvhKn5

Malware Config

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Agenttesla family

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks