General
- Target: JUSTIFICANTE DE TRANSFERENCIA.PDF.IMG.gz
- Size: 549KB
- Sample: 230327-rw8teafh8z
- MD5: 8120932f8ad9c94ee6e7618ffd710536
- SHA1: 0434c6fac68f55f6ea701b73d78ed96fbe99d267
- SHA256: 6e40830f0716aa267a503d0a0957de18eaaacf6d0b5cc65f7dd37587f935a445
- SHA512: f4da9f759ee2e7f6c39235900ed50237b6af8e49a10da216ee0d0a179b91b236e2b9ec00cf1ae264b2999c77d2fd9d5b5aabcce8fdfd65d9be216c18b6064fe3
- SSDEEP: 12288:7mvU5VRT+ZF3xwUqp61KH+PgDFJtJNAXRIpxAe3ZWtF3U14TWBHtwQskom7:7aIV00UqY1KbZbJmRAxAe3ZW/3lTWcyb
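The submitted name (Spanish for "transfer receipt") is a classic double-extension lure: a .PDF label in front of a gzip-compressed disk image. The Python below is an added triage helper, not part of the sandbox report: it flags that naming pattern and matches a file's hashes against the values the report lists. The extension lists and the placeholder bytes are assumptions constructed for the example.

```python
import hashlib

# Hashes copied from the report above (submitted archive and the dropped pound.exe).
REPORT_HASHES = {
    "JUSTIFICANTE DE TRANSFERENCIA.PDF.IMG.gz": {
        "md5": "8120932f8ad9c94ee6e7618ffd710536",
        "sha1": "0434c6fac68f55f6ea701b73d78ed96fbe99d267",
        "sha256": "6e40830f0716aa267a503d0a0957de18eaaacf6d0b5cc65f7dd37587f935a445",
    },
    "pound.exe": {
        "md5": "21e83a953d3b258434cdfa288692b4ab",
        "sha1": "725209ab5d376f69c70287c7b2a6eec35909640f",
        "sha256": "5b3909b49b7dfe6e0215ec264504eec9b56592d023830e9c32a64176b95a9ee4",
    },
}

# Extensions a user expects to be harmless documents, and the container/executable
# extensions lures hide behind them. Both sets are assumptions for this example.
DOCUMENT_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt"}
DISK_IMAGE_EXTS = {"img", "iso", "vhd", "vhdx"}
CONTAINER_EXTS = DISK_IMAGE_EXTS | {"gz", "zip", "rar", "7z", "cab", "lnk", "exe", "scr", "js", "vbs"}


def lure_reasons(filename):
    """Return why an attachment name looks like a lure (empty list if it looks normal)."""
    base = filename.replace("\\", "/").rsplit("/", 1)[-1].lower()
    exts = base.split(".")[1:]
    reasons = []
    # "invoice.pdf.exe", "...PDF.IMG.gz": a document extension sits in front of
    # something that actually executes or unpacks.
    if len(exts) >= 2 and any(e in DOCUMENT_EXTS for e in exts[:-1]) and exts[-1] in CONTAINER_EXTS:
        reasons.append("document extension hidden in front of a container/executable extension")
    # Disk images are mounted by Explorer on double-click (Windows 8 and later),
    # which presents the payload to the user as an ordinary file on a new drive.
    if any(e in DISK_IMAGE_EXTS for e in exts):
        reasons.append("disk image attachment, mounted by Explorer on double-click")
    return reasons


def hashes_of(data):
    """MD5/SHA1/SHA256 of a byte string, the same algorithms the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def match_report(data):
    """Name of the report artifact whose hashes all match `data`, or None."""
    actual = hashes_of(data)
    for name, expected in REPORT_HASHES.items():
        if all(actual[alg] == value for alg, value in expected.items()):
            return name
    return None


if __name__ == "__main__":
    for name in ("JUSTIFICANTE DE TRANSFERENCIA.PDF.IMG.gz", "invoice.pdf.exe", "report.pdf"):
        print(name, "->", lure_reasons(name) or "looks normal")
    # Constructed placeholder bytes, not the real sample, so no match is expected here.
    print(match_report(b"constructed placeholder, not the sample"))
```

Run it against the real archive bytes (`match_report(open(path, "rb").read())`) to confirm you are looking at the same sample before comparing behaviour with this report; the SSDEEP values are for fuzzy matching of repacked variants and are deliberately not part of the exact check.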
Static task: static1
Behavioral task: behavioral1
- Sample: pound.exe
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: pound.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.seguridadjl.com
- Port: 587
- Username: administracion@seguridadjl.com
- Password: @ragon70@ragon70
- Email To: swtmichael69@gmail.com
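The extracted config is the exfiltration channel: stolen data is mailed through a compromised-looking account on mail.seguridadjl.com (submission port 587) to a Gmail recipient. The Python below is an added detection example, not part of the report: it runs three rules over constructed telemetry lines (JSON, in the shape of a generic EDR network event and an SMTP proxy record; the field names, process names other than pound.exe, and the 203.0.113.10 address are assumptions) using only the indicators listed above.

```python
import json

# Indicators taken from the extracted Agent Tesla config above.
AGENTTESLA_SMTP = {
    "host": "mail.seguridadjl.com",
    "port": 587,
    "username": "administracion@seguridadjl.com",
    "email_to": "swtmichael69@gmail.com",
}

# Processes that legitimately speak SMTP submission; anything else doing so is worth a look.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}

# Constructed sample telemetry (not from the report): one JSON object per line.
# "net" events are host network connections, "smtp" events are what a TLS-terminating
# mail proxy would log. Field names are assumed for this example.
SAMPLE_EVENTS = """\
{"ts":"2023-03-27T10:01:02Z","type":"net","proc":"outlook.exe","dst":"smtp.office365.com","dport":587}
{"ts":"2023-03-27T10:02:15Z","type":"net","proc":"pound.exe","dst":"mail.seguridadjl.com","dport":587}
{"ts":"2023-03-27T10:02:16Z","type":"smtp","proc":"pound.exe","user":"administracion@seguridadjl.com","rcptto":["swtmichael69@gmail.com"]}
{"ts":"2023-03-27T10:03:00Z","type":"net","proc":"chrome.exe","dst":"www.example.com","dport":443}
{"ts":"2023-03-27T10:04:00Z","type":"net","proc":"powershell.exe","dst":"203.0.113.10","dport":587}
"""


def smtp_exfil_alerts(log_text, ioc=AGENTTESLA_SMTP):
    """Return (timestamp, process, reason) tuples for events matching the exfil pattern."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        proc = ev.get("proc", "").lower()
        if ev.get("type") == "net":
            # Rule 1: the exact C2 mail host from the config, whatever process connects.
            if ev.get("dst", "").lower() == ioc["host"]:
                alerts.append((ev["ts"], proc, "connection to known Agent Tesla SMTP exfil host"))
            # Rule 2: SMTP/submission traffic from something that is not a mail client.
            elif ev.get("dport") in (25, 465, 587) and proc not in MAIL_CLIENTS:
                alerts.append((ev["ts"], proc, "SMTP traffic from a non-mail-client process"))
        elif ev.get("type") == "smtp":
            # Rule 3: the stolen-credential account or the operator's drop mailbox.
            recipients = [r.lower() for r in ev.get("rcptto", [])]
            if ev.get("user", "").lower() == ioc["username"] or ioc["email_to"] in recipients:
                alerts.append((ev["ts"], proc, "SMTP session using extracted Agent Tesla account/recipient"))
    return alerts


if __name__ == "__main__":
    for ts, proc, reason in smtp_exfil_alerts(SAMPLE_EVENTS):
        print(ts, proc, reason)
```

Port 587 upgrades to TLS with STARTTLS before AUTH and RCPT TO, so a passive network sensor sees only DNS and the connection to mail.seguridadjl.com:587; the username and recipient rules only fire on host telemetry or on a proxy that terminates TLS. That is why the host rule ignores the process name and why rule 2 exists: after injection the sender may not be pound.exe at all.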
Targets
- Target: pound.exe
- Size: 680KB
- MD5: 21e83a953d3b258434cdfa288692b4ab
- SHA1: 725209ab5d376f69c70287c7b2a6eec35909640f
- SHA256: 5b3909b49b7dfe6e0215ec264504eec9b56592d023830e9c32a64176b95a9ee4
- SHA512: 073a3c59bb95fea2e20b7c69cff643a9f685a5557fd207a65b045369a53ffad62d9092562b329afc229b817a6a362cf2a8e38e304d027ad1bed0a3e35b0a1e97
- SSDEEP: 12288:AMw4EAPcLqC/YtzeXUFw4kzjT3yZrn0aHDyq9DSXALFW+caLUy:AMwtAPcLqr9Q3yBDyq0Gky
Signature matches for pound.exe:
- AgentTesla: Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, originally written in Visual Basic .NET; this sample exfiltrates over SMTP using the account in the extracted config above.
- Checks QEMU agent file: checks for the presence of the QEMU guest agent, possibly to detect virtualization.
- Loads dropped DLL
- Accesses Microsoft Outlook profiles: Outlook profile data in the registry holds stored mail-account settings and credentials, a standard credential-theft target.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger: a thread created with THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER generates no events for an attached debugger.
- Suspicious use of NtSetInformationThreadHideFromDebugger: NtSetInformationThread with ThreadHideFromDebugger (0x11) detaches the calling thread from debugger notification.
- Suspicious use of SetThreadContext: rewriting a suspended thread's context is the usual way to redirect execution into injected code (process hollowing), which fits the dropped-DLL and hidden-thread signatures above.