General
-
Target
RECEIPT mv SFERA REQ AE parts Daihatsu.exe
-
Size
799KB
-
Sample
221003-hsnvdsdhcl
-
MD5
76ba1398ec21c6ac1ad7e7a9b27a9c3d
-
SHA1
64d4358d27673981c8373a46f6b4f18ddd03ef9f
-
SHA256
ece470bc5e6432205374fffac28bd130c38f25166bb81c79781c19f74e623a9c
-
SHA512
6d17364bcb8b63791d9e43ace9280f05fdd7bd776e4dbd943ae789b9668dbe613e85d01e33e3c03a1f05785a55781918d94605e6680eeb25f4ffefffa453ffdc
-
SSDEEP
12288:5Ab2iNMEUx23w7mUq73HSNJe5gM63pAU6DsmbtuDuoFvR8gkwNsd6wt:A1N7MTOSDe5gM6sbJuKoF3zNsd
Static task
static1
Behavioral task
behavioral1
Sample
RECEIPT mv SFERA REQ AE parts Daihatsu.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
RECEIPT mv SFERA REQ AE parts Daihatsu.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
Protocol: ftp- Host:
ftp.alonsorojasmudanzasnacionales.com - Port:
21 - Username:
ama@alonsorojasmudanzasnacionales.com - Password:
SWIrh1JT66[P
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.alonsorojasmudanzasnacionales.com/ - Port:
21 - Username:
ama@alonsorojasmudanzasnacionales.com - Password:
SWIrh1JT66[P
Targets
-
-
Target
RECEIPT mv SFERA REQ AE parts Daihatsu.exe
-
Size
799KB
-
MD5
76ba1398ec21c6ac1ad7e7a9b27a9c3d
-
SHA1
64d4358d27673981c8373a46f6b4f18ddd03ef9f
-
SHA256
ece470bc5e6432205374fffac28bd130c38f25166bb81c79781c19f74e623a9c
-
SHA512
6d17364bcb8b63791d9e43ace9280f05fdd7bd776e4dbd943ae789b9668dbe613e85d01e33e3c03a1f05785a55781918d94605e6680eeb25f4ffefffa453ffdc
-
SSDEEP
12288:5Ab2iNMEUx23w7mUq73HSNJe5gM63pAU6DsmbtuDuoFvR8gkwNsd6wt:A1N7MTOSDe5gM6sbJuKoF3zNsd
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-