General
- Target: FACTURA_.EXE.exe
- Size: 710KB
- Sample: 240327-m2t5zsdg3y
- MD5: 8670ff57444ced9cc643f4588e41a93e
- SHA1: 7195dc5aeda6f7f88e32e3aab2c696959c4e42a5
- SHA256: 4150a9254130775146e1973ba461ffacc7d51365da70db48becba50fbfc1e39d
- SHA512: d4948994ac3dfb526a0b03b8c3d442c4254f2145fbe3574f45e4b4bd5ddbc575870ad261de7f92a351808ecb1c8b62ea9c4e86c69ae945c4cb8cccf090c5c0fd
- SSDEEP: 12288:AsHzOUNUSB/o5LsI1uwajJ5yvv1l2WiqfqVR7idUfRgtdvGmavCbyBW6/:TiUmSB/o5d1ubcvpjbdWgf2W6/
Behavioral task: behavioral1
- Sample: FACTURA_.EXE.exe
- Resource: win7-20240221-en
Malware Config
Targets
- Target: FACTURA_.EXE.exe
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext