General
Target: comprobante de pago.pdf.img
Size: 1.2MB
Sample: 211022-yksrdadaap
MD5: e987d2e6bd667d1b87ee1518f8d74ed0
SHA1: 63c3198817920536efa29f1875ba672712455562
SHA256: cb11b6bfd76f2c4b97348fd492ddac3bede097b41fe9400a6637762af5cf9102
SHA512: 63e048f261721c322109f814e10d306002a9390969bb40088291ff4a0b0c9d95589adc49834258a5641cbffe45011c6ea3732c9a8b045c54d16ab7000b1a5c19
Static task: static1
Behavioral task: behavioral1
Sample: COMPROBA.BAT.exe
Resource: win7-en-20210920
Behavioral task: behavioral2
Sample: COMPROBA.BAT.exe
Resource: win10-en-20211014
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.mudanzasdistintas.com.ar
Port: 587
Username: droid@mudanzasdistintas.com.ar
Password: icui4cu2@@
Targets
Target: COMPROBA.BAT
Size: 735KB
MD5: 82e1d03d8c42186ee9816ebbb7a71e78
SHA1: a363c459629fca6487c6f2b8265ff2cbb016d628
SHA256: 5e1daf38670154cb7700b046673255609c6b7ff7e8c518e4186d86403d3ab713
SHA512: 5af977aabf13f1ee37dcbcdeab72b21e05300604557f937650ec48f1f6e104fdeede56f3ea7a52c30d7a60e8f31046c0ae6debaa5b2d173af8f1e1a7f88355fc
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext