General
-
Target
Transferencia de copia.r00
-
Size
787KB
-
Sample
230328-m856tscc7s
-
MD5
c72b15c0cfe5a085b4164f72cfef7492
-
SHA1
a5c4e3e801e9dd666c770f097d822b266a0c2d6d
-
SHA256
3d3550693068ce7798061d4d792024a2c3c93573f13e0a08edd10a501b7af8ee
-
SHA512
29d3e16473eed49280904bdabeafbc9fec90fc0c6834ccf1859f87239a7ee36800d93928177737a0f03f95028d82562d234aabf7ea455ab752ef01f37c13ad59
-
SSDEEP
12288:R1C+aDIABbHVaQPNu58WXbNqCiRwql0cbsDWzOY4M7ZZiP3cEDrpcWbcRAn:H7u1lglbNqBDbsuOYjZEc0lW+
Static task
static1
Behavioral task
behavioral1
Sample
Transferencia de copia.rar
Resource
win10-20230220-en
Behavioral task
behavioral2
Sample
Transferencia de copia.exe
Resource
win10-20230220-en
Malware Config
Extracted
Protocol: smtp
Host: mail.coldiab.cl
Port: 587
Username: felipe.flores@coldiab.cl
Password: C0ldi4b2021npsw.
Extracted
agenttesla
Protocol: smtp
Host: mail.coldiab.cl
Port: 587
Username: felipe.flores@coldiab.cl
Password: C0ldi4b2021npsw.
Email To: administracion@coldiab.cl
Targets
-
-
Target
Transferencia de copia.r00
-
Size
787KB
-
MD5
c72b15c0cfe5a085b4164f72cfef7492
-
SHA1
a5c4e3e801e9dd666c770f097d822b266a0c2d6d
-
SHA256
3d3550693068ce7798061d4d792024a2c3c93573f13e0a08edd10a501b7af8ee
-
SHA512
29d3e16473eed49280904bdabeafbc9fec90fc0c6834ccf1859f87239a7ee36800d93928177737a0f03f95028d82562d234aabf7ea455ab752ef01f37c13ad59
-
SSDEEP
12288:R1C+aDIABbHVaQPNu58WXbNqCiRwql0cbsDWzOY4M7ZZiP3cEDrpcWbcRAn:H7u1lglbNqBDbsuOYjZEc0lW+
Score 3/10
-
-
Target
Transferencia de copia.exe
-
Size
1.0MB
-
MD5
9f73f51c34999bd30c41ff45b417b578
-
SHA1
7abbf5b0553b39d8501671561d97f20624976d16
-
SHA256
69053ec4d9bb824c9e644af7701c3a004af55cd76d3079d9ab79c13d141ae652
-
SHA512
e1362852fb8b03fcb81c9f22a458ed9e8fe2a98a01cd23adfc32c6f1f4b10195effdd67a54f0b5e166dc22d4b8aa700f69d61c0c114f388e2b00a4cc3a1233cc
-
SSDEEP
24576:j5U6hLdFCXOv8e2nxec/AIeyp9OlQfGBM/vyLdFGLdFmDe1J:1TfFC+2nd/Fu9FuF4eH
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Executes dropped EXE
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-