General
Target: ΠΡΟΣΦΟΡΑ ΠΑΝΕΛ X37 4-3-2024.pdf.uue
Size: 513KB
Sample: 240312-j65kqscd9s
MD5: c2a88caf78221d1341ef965b3197528f
SHA1: c67f4497268b58efe718421071ce8788cf313d1e
SHA256: 5871e1613e22726e5efa542c429360572c43fe65ad87db94373e599b21181177
SHA512: b2545e4ad67a46650d9d357b4fe7a692b9940fa9ca99a65b158f3a4c9574dca506f2f034699eafbfa0c47faeb0ae999dec4b7c353a4ee15c4a433d04da195e6c
SSDEEP: 12288:JRDiK+9v/+5OTW5PTzFj+5lsnDJeXlspw8Q/k8cfsniKqi18e:iK75AWFzFqM0lspw8Q/kTKh1J
Behavioral task: behavioral1
Sample: ΠΡΟΣΦΟΡΑ ΠΑΝΕΛ X37 4-3-2024.pdf.rar
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: ΠΡΟΣΦΟΡΑ ΠΑΝΕΛ X37 4-3-2024.pdf.rar
Resource: win10v2004-20240226-en

Behavioral task: behavioral3
Sample: ΠΡΟΣΦΟΡΑ ΠΑΝΕΛ X37 4-3-2024.pdf.exe
Resource: win7-20240215-en

Behavioral task: behavioral4
Sample: ΠΡΟΣΦΟΡΑ ΠΑΝΕΛ X37 4-3-2024.pdf.exe
Resource: win10v2004-20240226-en

Behavioral task: behavioral5
Sample: out.exe
Resource: win7-20240221-en

Behavioral task: behavioral6
Sample: out.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted: agenttesla
Protocol: ftp
Host: ftp://ftp.solucionesmexico.mx
Port: 21
Username: [email protected]
Password: dGG^ZYIxX5!B
Targets

Target: ΠΡΟΣΦΟΡΑ ΠΑΝΕΛ X37 4-3-2024.pdf.uue
Size: 513KB
MD5: c2a88caf78221d1341ef965b3197528f
SHA1: c67f4497268b58efe718421071ce8788cf313d1e
SHA256: 5871e1613e22726e5efa542c429360572c43fe65ad87db94373e599b21181177
SHA512: b2545e4ad67a46650d9d357b4fe7a692b9940fa9ca99a65b158f3a4c9574dca506f2f034699eafbfa0c47faeb0ae999dec4b7c353a4ee15c4a433d04da195e6c
SSDEEP: 12288:JRDiK+9v/+5OTW5PTzFj+5lsnDJeXlspw8Q/k8cfsniKqi18e:iK75AWFzFqM0lspw8Q/kTKh1J

AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE
Loads dropped DLL
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
AutoIT Executable: AutoIT scripts compiled to PE executables.
Suspicious use of SetThreadContext
Target: ΠΡΟΣΦΟΡΑ ΠΑΝΕΛ X37 4-3-2024.pdf.exe
Size: 538KB
MD5: 4a131474e1604362ea66aa8cb2cfa2d9
SHA1: 76d840d9a217d576632e46bd180ea24a90ad00c9
SHA256: ec62e133dd492c0e3a590316c54a0a20bfce592744c99cafdf430718c62bab02
SHA512: 7a323c6a3c4b8ee6ff17409bb60a9012cf48f5403c85e6297c3e8d132521718b2d841eb6c7d2bce807ec24b90709a218fc398144ea04834a7c3b4e7dc2a1c249
SSDEEP: 12288:TYV6MorX7qzuC3QHO9FQVHPF51jgcxaVu+hyrwctIJqTPL:QBXu9HGaVHGIeqTz

AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
AutoIT Executable: AutoIT scripts compiled to PE executables.
Suspicious use of SetThreadContext
Target: out.upx
Size: 1009KB
MD5: 81cdfd745e1a75b778413c3a3544c2a4
SHA1: 457c28c0d774cc84ed358b4d660a898de5793d12
SHA256: 197edfbbb2b812fde5fada0747d7782ed91ce80a3c8848c5e8e76524bcd37acf
SHA512: 1b0f8307eb3c66792a5871705912f137390e3062a4e014107a58972ed13694508a0fed81c85a451a45bb62d5241e6a7bb00d326aef3afdc3da529cb7e11d3ab1
SSDEEP: 24576:WAHnh+eWsN3skA4RV1Hom2KXDmyIeqTz:xh+ZkldoPKz1IJ
Score: 1/10