General
-
Target
BILL COPIES FOR THE CARGO LOADED.rar
-
Size
634KB
-
Sample
231212-pt4essdaan
-
MD5
2b14337a82650a947f648a1a32ece518
-
SHA1
e014952b3fc108ca10d9ad0a537b945cac91e9b2
-
SHA256
61c17cd9a0cb97bd062d3477a63c62659c111a6a29121820ae9cf5f391dbc5fc
-
SHA512
89f0dd3d7a610ac94faae60a4fd35bee8cabfd7398508dff8f16378f7e555ffc2e748f38ca1b593c5fa28a3065d990f2061a83899187254c48941dc584e0a2bb
-
SSDEEP
12288:vcoLvegiPGA/0DKpLefOQ3QfXNcaPxJI+wPavSnu27TXviQ9QYwa8SWE:vceiOmcBMWaJJI+TauwX6lda9
Static task
static1
Behavioral task
behavioral1
Sample
BILL COPIES FOR THE CARGO LOADED.exe
Resource
win7-20231130-en
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.mercuresurabaya.com - Port:
21 - Username:
[email protected] - Password:
2ffPmXZ_5A{G
Extracted
Protocol: ftp- Host:
ftp.mercuresurabaya.com - Port:
21 - Username:
[email protected] - Password:
2ffPmXZ_5A{G
Targets
-
-
Target
BILL COPIES FOR THE CARGO LOADED.exe
-
Size
698KB
-
MD5
b1481791fc782040d8533019a3095e57
-
SHA1
4f6699140313855dbe364831fbbaf5e794aac9d6
-
SHA256
9d687a4e898291e7635a79e45f7cb5cd2f987dcd6f909d495e83dac2e1fd0cfc
-
SHA512
d853b650704ad89f82df75e581dc9e53b0b9fd8749a14b2a037dde4d3b8f5a105c37127b836c3f38011b0e5984b8f78537ba2f4ab64304a7b3ce2a6e23e0c514
-
SSDEEP
12288:yw3IU8S6eUdvSTznalJakk9uUXKsU3ky+pJ2frjrnGbW9fTbKYCNjPVHdys9bzs7:3ItSAdj3k9rKBPrGi9bbEPVHn5
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Detect ZGRat V1
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-