General
Target: message__6554654a148aa91baa81eba864949685_grupofitec_com_.eml
Size: 877KB
Sample: 240328-hacz6scd94
MD5: 1ff4d48987364107f32975494881e718
SHA1: f9d335b6cf99b5e6ff82878bf2062977dcbc3489
SHA256: 88d329bc79df8872e028b644de8a28cbc2608f632f841dbb21ffa4fa99d8ca85
SHA512: 90c6cc027e415dcf7059a61fcb0e50274d0ed6f4384d3287542087d2fab51aa6d0644c987d568a4f9b3be39ee675c082f6edb4e58954d7b483690b352e7716e7
SSDEEP: 24576:FNV0p5+YBUhQusEQvnoea/vD2naQFnuiL:JcVeD2aQVx

Static task: static1

Malware Config (extracted)
Family: agenttesla
C2: https://api.telegram.org/bot7189076260:AAHEL9QuHqQcKXN8kPXNO5BpYSd3XtQOqFg/

Targets
Target: Facturas Marzo.exe
Size: 746KB
MD5: 2ab9c5d43df277601578f57b0667dfba
SHA1: 253ab90ac289518e17786676a2786a31d7148e13
SHA256: 808b3770297bd70c5d9026b4c7d727dc124769f10726645d56869cc48ae32960
SHA512: 6521c55d01ef052ff3a9881c0f34e4385eff41c203e348d6c4a67ec867a684fd5696989465a9455cadb8e9c8a6152e6689f434881a3d12d216a6a2d1dfa13064
SSDEEP: 12288:Jd8sIDs7OHMLuo2+vVB7uDcmcZ6Ub/Icjrqvnpm4wPtxhIfARPZXKC7NkU0cwsDf:Jd8sIDrMJ20QbcZxb/Icjsc48JIQh1B/
Signatures
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext