General
-
Target
0089789Nuevo orden.exe
-
Size
849KB
-
Sample
231204-n6erjaah76
-
MD5
1177200ba703d00a87eb6114e68972c8
-
SHA1
98a40d14dc7d3962cc7aae7e98af7f8f8aa5ea2f
-
SHA256
62af6b2f03773a1f7e3c92cfec408e2068adbd89d4e083ebe0ae90f8ed432c07
-
SHA512
e53e16233458b2f2bd1fc2018143a32922a83df16a19a944988103d42871ef95063a8c5bd0a891bdc1a5fe1daf46b36209a0583c771e4bdfe6202e4fab0babc6
-
SSDEEP
24576:1WNiEg7cFdwi2uzqVQRUGN6GlwjtAfXbgypW:6yYgQRUGwGyjtA/9pW
Static task
static1
Behavioral task
behavioral1
Sample
0089789Nuevo orden.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
0089789Nuevo orden.exe
Resource
win10v2004-20231130-en
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.siscop.com.co - Port:
21 - Username:
[email protected] - Password:
+5s48Ia2&-(t
Targets
-
-
Target
0089789Nuevo orden.exe
-
Size
849KB
-
MD5
1177200ba703d00a87eb6114e68972c8
-
SHA1
98a40d14dc7d3962cc7aae7e98af7f8f8aa5ea2f
-
SHA256
62af6b2f03773a1f7e3c92cfec408e2068adbd89d4e083ebe0ae90f8ed432c07
-
SHA512
e53e16233458b2f2bd1fc2018143a32922a83df16a19a944988103d42871ef95063a8c5bd0a891bdc1a5fe1daf46b36209a0583c771e4bdfe6202e4fab0babc6
-
SSDEEP
24576:1WNiEg7cFdwi2uzqVQRUGN6GlwjtAfXbgypW:6yYgQRUGwGyjtA/9pW
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-