General
- Target: Nuevo orden09.xlam
- Size: 604KB
- Sample: 231201-hsayjafg23
- MD5: 1cced94c2f3295856386a392a325da66
- SHA1: dcfae48899f023345cc40c719c44667901800915
- SHA256: 82654c49112053c84ca03dad9fe70453d7a0565da3b0ce398cb884807827f992
- SHA512: ced1b717a2609a566189a201aab8278e998e151e3816ddc7b5be9c63e7a348c02c93f09809b6d0207d056bc2a43dea29e7ee470e5eebdf6b612bc12dce6966c9
- SSDEEP: 12288:8qDEDDicPcVmotix40XvlFPGAAvjh6zIFS3iXb7Ze94yaoTnkcu7HJtGUNwN:jSDickVV7cDGt6zhiXICyJ4cCHJtjN8
Static task: static1
Behavioral task: behavioral1
- Sample: Nuevo orden09.xlam
- Resource: win7-20231023-en
Behavioral task: behavioral2
- Sample: Nuevo orden09.xlam
- Resource: win10v2004-20231127-en
Malware Config
Extracted: agenttesla
- https://api.telegram.org/bot5866032214:AAFIOyXMBAXtSDPbd1lqRSgP4WSftaTimg4/
Targets
- Nuevo orden09.xlam (size and hashes as listed under General)
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext