General
Target: z5SOLICITUDDEPRESUPUESTO08062023.exe
Size: 856KB
Sample: 230609-ygc7hsea4x
MD5: 9a05d5df841c9eb2a2b0b007054926df
SHA1: c9cf0eb1851a98ff7b221d0b6ac15adab2dfb58d
SHA256: 2dc7864d279868914b4241a995c7dcaed8e739a45f75496d11830b81a8786d71
SHA512: 54878c3ee0c50824e8fdd10dd8adac0151c28c994709508a3f39744c07f9637477176527a4bbbd9e4bf7178cc23c8cee9853134a8ee297a68f9ee30e8c18006e
SSDEEP: 12288:b03cDgPqHVqiDkN0IKkXl+lffrFLpI+1Z:Is0PqH0KkN0IKkXl+df
Static task: static1
Behavioral task: behavioral1
Sample: z5SOLICITUDDEPRESUPUESTO08062023.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: z5SOLICITUDDEPRESUPUESTO08062023.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
Family: agenttesla
Protocol: smtp
Host: mail.marineclaimoffice.com
Port: 587
Username: chris@marineclaimoffice.com
Password: kensarowiwa77
Email To: chris@marineclaimoffice.com
Targets
Target: z5SOLICITUDDEPRESUPUESTO08062023.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext