General
Target: 06122023_1525_orden de compra.PDF.7z
Size: 392KB
Sample: 231206-h87x7sce92
MD5: d86a4896ad7c1a5907ee02c9364b87e7
SHA1: 01bdffafe3130398d855ed0ef8fe2704c5c7be40
SHA256: 3e4c047f46a99f4c9de4a0bf082a4ea88b9ed665bac6b66459964a925831ccf9
SHA512: 989bad7154091635e70ea097e3f8bf005aa2f22573d37c77091c1a1b3919c3fd07f09c98a5899a85d3199b7848a58e01c5378506fba135700fcb0423ff4f54f6
SSDEEP: 6144:18RM5hc4BMPsRZgXy73pe2WnUfZ36KAJ95MVq8iFart49SHQBi:1aM0PUoi7wJn9aVqharJHQi
Static task
static1
Behavioral task
behavioral1
Sample
orden de compra.PDF__________________________.exe
Resource
win7-20231130-en
Behavioral task
behavioral2
Sample
orden de compra.PDF__________________________.exe
Resource
win10v2004-20231127-en
Malware Config
Targets
Target: orden de compra.PDF__________________________.exe
Size: 429KB
MD5: bdf2b3b191432b2beb2d9280bc15cfc5
SHA1: 490bdef6de2ea69eb1363e4dc790e132e4b73a3b
SHA256: fd1e71506e6acef86142f01c0f8550f6c8908b7337b86b627ace2af6cbda1453
SHA512: c37b9994381c17a9a3e3576b0ddfd4a77d56deeb6529c19033138a2cfe7d016c4e9a1ee1cbfd8723bac1121a42d8bef9941212262c27f3dd74d780eea72bad2c
SSDEEP: 6144:Z8LxB9Z0Q7EjnhEXc0ZBnVHlN4T6XoFy8RiwjiI0CAi2FCnfSDRWXHSAu:eZ17ghr0rnLN4T6Gy8905FCnqAXfu
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Executes dropped EXE
Loads dropped DLL
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext