General
-
Target
64548b61203f7f11ef1aef667fe19bbab564f43a62abdf0ddd89d5330a298d54
-
Size
112KB
-
Sample
231122-mpvkzsbg45
-
MD5
f9ec01d302011f81bdeb43d28169b3b7
-
SHA1
833d20e6c08f67c3b9541dc1d6c11d754aa6cb78
-
SHA256
64548b61203f7f11ef1aef667fe19bbab564f43a62abdf0ddd89d5330a298d54
-
SHA512
18a889a567fba87ab41c16844d1f3a1882165665fdb031c83963e298346c7e3850b3878db1a59ea799454c189eeafb1916783cddf9c888cf7bfda12d9207ce12
-
SSDEEP
384:TarebUqIH2VIGJfZf0iTbZ0yITJOHOfHgNN0G+37Zvj66QnzVcTaOidKjWPe9qbu:T3/p0IETJOHOfHgNNU766QYaOiz
Malware Config
Extracted
purecrypter
https://onedrive.live.com/download?resid=F6CFB1B6019B1562%21264&authkey=!AHGHtUCYkGXio4k&em=2
Extracted
agenttesla
Protocol: smtp- Host:
smtp.rapltorsupplies.com - Port:
587 - Username:
[email protected] - Password:
JG%xlMm6 - Email To:
[email protected]
Targets
-
-
Target
orden de compra 211123_Arvilab srl.exe
-
Size
52KB
-
MD5
8f1451919fb5f5da4ae9fb9e8422dfcf
-
SHA1
1d7f3ae4c3a73a801fd1f74387248f5c63d9582c
-
SHA256
bfcf7363ce0cf820c23913eacab873e1f9bc51b14611e2cac22f7a78529b18ee
-
SHA512
9a772675a0fb7dfc561967d7a9f3d8d97d272607b0d743f8d4865059cc4e4bf2551075115bba459387e836c460482be714a78eeeec9df1fe74e256c3dac74e09
-
SSDEEP
384:lebUqIH2VIGJfZf0iTbZ0yITJOHOfHgNN0G+37Zvj66QnzVcTaOidKjWPe9qbvW:w/p0IETJOHOfHgNNU766QYaOiz
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
PureCrypter
PureCrypter is a .NET malware loader first seen in early 2021.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-