General
- Target: JUSTIFICANTE DE PAGO30032023pdf.exe
- Size: 766KB
- Sample: 230403-gr1xwsdb34
- MD5: 08422117b96b96d5164ef061bf874307
- SHA1: 3ff48d4a298db79468ab8716a9814f2fe703e031
- SHA256: 46903e776f2014fcd877ba071d2707c749ddae140e7682f5cc00c894914f3303
- SHA512: 22bdb0737d070e0783cdb2d311d827215b750d16ce29345266812ba61d2d9067c0bbe865df34dab37e9af56c96fba63547f7bf05cd1b7c1c8af10d4233102fc4
- SSDEEP: 12288:/ghti/pIS61qK7fXHUoTQDsqRaKbygMG9IFqnWAQsZufEIx5tx715v1:4O2A0fXHUSkdRPy1GRWAQRMIxTR13
Static task: static1
Behavioral task: behavioral1
- Sample: JUSTIFICANTE DE PAGO30032023pdf.exe
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: JUSTIFICANTE DE PAGO30032023pdf.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: opticaarense.com
- Port: 587
- Username: [email protected]
- Password: vGU5B*g^8Med
- Email To: [email protected]
Targets
- Target: JUSTIFICANTE DE PAGO30032023pdf.exe
- Size: 766KB
- MD5: 08422117b96b96d5164ef061bf874307
- SHA1: 3ff48d4a298db79468ab8716a9814f2fe703e031
- SHA256: 46903e776f2014fcd877ba071d2707c749ddae140e7682f5cc00c894914f3303
- SHA512: 22bdb0737d070e0783cdb2d311d827215b750d16ce29345266812ba61d2d9067c0bbe865df34dab37e9af56c96fba63547f7bf05cd1b7c1c8af10d4233102fc4
- SSDEEP: 12288:/ghti/pIS61qK7fXHUoTQDsqRaKbygMG9IFqnWAQsZufEIx5tx715v1:4O2A0fXHUSkdRPy1GRWAQRMIxTR13
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext