General
Target: New Compressed (zipped) Folder.zip
Size: 767B
Sample: 231202-2cvsjsgb4w
MD5: 03a2a7cfbbdc73e5971d8c54a171a281
SHA1: 86a6f06381859aa34fc8932368b1da243323773b
SHA256: 8dbad0a522a6c2545965cf75bb52ee23749073e3d55f97165faf92b109f87c68
SHA512: b81d28ab4c9e3f72410e04e89bed04704aa58c897df5c56afa8c02022793f508cb51ba104edb7a2f1b934a2904429807e475c5e700bb77da7eed857f30dbcba5
Static task
static1
Malware Config
Extracted: risepro
193.233.132.51
Extracted: agenttesla
Protocol: ftp
Host: ftp://ftp.elquijotebanquetes.com
Port: 21
Username: [email protected]
Password: kFxADjwNBm$_
Targets
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Detect ZGRat V1
PrivateLoader
PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
XMRig Miner payload
Downloads MZ/PE file
Executes dropped EXE
Uses the VBS compiler for execution
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.