General
Target: Documents.doc
Size: 30KB
Sample: 221207-jftesaag9z
MD5: 598cd4333e3a0b3ceae30795a0189ea5
SHA1: c6951e9e3f5c41fc752dcd981315c610cb104bfe
SHA256: 1cc7491b728e635cce8087763006f4384c715f2a84c3472fed392a15a0aa3bb6
SHA512: 6b99bf2e092649cf9f812bbef5244ff3ed9e2a6227610e3111e9ba4e8bbd306afe452b9c7494afe56d0cb6c963bcbf6eefb4e91863e5e7757018836ff3611720
SSDEEP: 384:tQMmdOFNYY0aaaIswqPeOrka1+fHQJ+t3rQkRhZs4C+jrWiBKZRZq8NUC7HU4Dlw:LFx0XaIsnPRIa4fwJM6/fI837U4iPy4
Static task: static1
Behavioral task: behavioral1
  Sample: Documents.rtf
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: Documents.rtf
  Resource: win10v2004-20220901-en
Note: the submitted file carries a .doc extension, but the sandbox identifies it by content and runs it as RTF (Documents.rtf). Treat the extension as untrusted when writing detections for this sample.
Malware Config
Extracted
  Protocol: ftp
  Host: ftp.valvulasthermovalve.cl
  Port: 21
  Username: [email protected]
  Password: LILKOOLL14!!
Extracted (family: agenttesla)
  Protocol: ftp
  Host: ftp://ftp.valvulasthermovalve.cl/
  Port: 21
  Username: [email protected]
  Password: LILKOOLL14!!
Both extractions describe the same FTP exfiltration endpoint (one with the scheme and trailing slash, one as a bare hostname); only the second is attributed to the Agent Tesla family by the extractor. The username is shown obfuscated on the page and is reproduced as displayed.
Targets
Target: Documents.doc
Size: 30KB
MD5: 598cd4333e3a0b3ceae30795a0189ea5
SHA1: c6951e9e3f5c41fc752dcd981315c610cb104bfe
SHA256: 1cc7491b728e635cce8087763006f4384c715f2a84c3472fed392a15a0aa3bb6
SHA512: 6b99bf2e092649cf9f812bbef5244ff3ed9e2a6227610e3111e9ba4e8bbd306afe452b9c7494afe56d0cb6c963bcbf6eefb4e91863e5e7757018836ff3611720
SSDEEP: 384:tQMmdOFNYY0aaaIswqPeOrka1+fHQJ+t3rQkRhZs4C+jrWiBKZRZq8NUC7HU4Dlw:LFx0XaIsnPRIa4fwJM6/fI837U4iPy4
AgentTesla
Agent Tesla is a .NET-based remote access trojan (RAT) and information stealer; this sample is configured to exfiltrate harvested data over FTP to the host in the extracted config above.
Signatures:
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles (credential harvesting from stored mail-client profiles)
- Suspicious use of SetThreadContext (typically used to redirect execution into a hollowed or injected process)