General

  • Target

    Nueva Orden.xla.xlsx

  • Size

    391KB

  • Sample

    231207-va3l2sdf69

  • MD5

    20d7b7e70ea53065f8f5cbf5f2abde62

  • SHA1

    1574428c29f993ba3efa4dca4d7e493cd15bf605

  • SHA256

    3936c2bfa7b6ad5e67b8abd8228c633f77302f5f6883162ac8a0f5ae72a24702

  • SHA512

    021e165fbb621b8da8d3d2a2b9dea95910c37803dd865f0cb600a837fa1400249d393f7cf1fb2e97872e1eb1c54e157138206ce07c340c9dd375767da55bf41e

  • SSDEEP

    12288:UOergqKjij4a3DjM1+UT3A/6IGsIHOgEnVu:UOeDEezjs+UUSnHwn

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://ftp.elquijotebanquetes.com
  • Port:
    21
  • Username:
    husband@elquijotebanquetes.com
  • Password:
    kFxADjwNBm$_

Targets

    • Target

      Nueva Orden.xla.xlsx

    • Size

      391KB

    • MD5

      20d7b7e70ea53065f8f5cbf5f2abde62

    • SHA1

      1574428c29f993ba3efa4dca4d7e493cd15bf605

    • SHA256

      3936c2bfa7b6ad5e67b8abd8228c633f77302f5f6883162ac8a0f5ae72a24702

    • SHA512

      021e165fbb621b8da8d3d2a2b9dea95910c37803dd865f0cb600a837fa1400249d393f7cf1fb2e97872e1eb1c54e157138206ce07c340c9dd375767da55bf41e

    • SSDEEP

      12288:UOergqKjij4a3DjM1+UT3A/6IGsIHOgEnVu:UOeDEezjs+UUSnHwn

MITRE ATT&CK Matrix ATT&CK v13

Execution

Exploitation for Client Execution

1
T1203

Defense Evasion

Modify Registry

1
T1112

Tasks