General
-
Target
NUEVO FORMULARIO DE PEDIDO 09-3880073016.uu
-
Size
519KB
-
Sample
240329-rttayaae5z
-
MD5
7620362b4836fd3ac63c8af67d962afb
-
SHA1
bb1da18bf0545554a61569cff1b76893cd94e7ba
-
SHA256
4c0bdf2a6713ad274c9dbe4f24307a87cb71abe3d9068e792bf79943ed3e61e1
-
SHA512
aae42a4907991db18e53cfb59870e4ad6917f3fadee50133b38084be33f4ca567cf047bcbb0e7a77e27e5fe0a11a68287e7069dab1719ee21dc1d24392ce6f7d
-
SSDEEP
12288:N0GDXV+3v/45FiSAG930PTzFmw5Fl5nfJaXairzZMQIb7yhdu:N0iVX5FPAawzFtlIxyb7udu
Behavioral task
behavioral1
Sample
NUEVO FORMULARIO DE PEDIDO 09-3880073016.exe
Resource
win7-20240221-en
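The target is a .uu (uuencode) container and the behavioral task ran the .exe carried inside it. As an added example that is not part of the report, the following Python decodes such a container, checks the decoded file for a PE (MZ) header and hashes it with the same algorithms the report lists (ssdeep is omitted because it needs a separate package). The payload and container built at the bottom are constructed stand-ins, not the real sample, and the helper names (encode_uu, decode_uu, triage_uu, is_well_formed_uu) are this example's own.

```python
import binascii
import hashlib


def encode_uu(payload: bytes, name: str) -> bytes:
    """Wrap payload in a uuencode container (begin / data lines / ` / end).

    Used here only to build the constructed sample; real .uu attachments
    arrive already encoded.
    """
    lines = [b"begin 644 " + name.encode() + b"\n"]
    for i in range(0, len(payload), 45):            # uuencode packs 45 raw bytes per line
        lines.append(binascii.b2a_uu(payload[i:i + 45]))
    lines.append(b"`\n")                            # zero-length line terminates the data
    lines.append(b"end\n")
    return b"".join(lines)


def decode_uu(data: bytes) -> tuple[str, bytes]:
    """Return (inner filename, decoded bytes) for a uuencoded container.

    Raises ValueError when the begin/end framing is missing or a data line is
    corrupt (binascii.Error is a ValueError subclass).
    """
    lines = iter(data.splitlines())
    for line in lines:
        if line.startswith(b"begin "):
            parts = line.split(b" ", 2)              # filename may itself contain spaces
            name = parts[2].decode("utf-8", "replace") if len(parts) == 3 else ""
            break
    else:
        raise ValueError("no 'begin' line: not a uuencoded container")

    out = bytearray()
    for line in lines:
        if line.strip() == b"end":
            return name, bytes(out)
        if not line:
            # a2b_uu(b"") yields 32 NUL bytes, so blank lines must be skipped explicitly
            continue
        out += binascii.a2b_uu(line)
    raise ValueError("truncated container: no 'end' line")


def is_well_formed_uu(data: bytes) -> bool:
    """True when the container decodes cleanly, False on any framing or data error."""
    try:
        decode_uu(data)
        return True
    except ValueError:
        return False


def hash_blob(blob: bytes) -> dict[str, str]:
    """The hash set the report lists, minus ssdeep."""
    return {alg: hashlib.new(alg, blob).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def triage_uu(data: bytes) -> dict:
    """Decode a .uu container and describe what it carried."""
    name, payload = decode_uu(data)
    return {
        "inner_name": name,
        "size": len(payload),
        "is_pe": payload[:2] == b"MZ",              # DOS header magic of a Windows executable
        "hashes": hash_blob(payload),
    }


# Constructed stand-in for the inner executable: a bare DOS stub plus filler,
# NOT the real sample. Only the file name is taken from the report.
CONSTRUCTED_PAYLOAD = (
    b"MZ" + b"\x90" * 62
    + b"This program cannot be run in DOS mode.\r\n$"
    + bytes(range(256)) * 4
)
CONSTRUCTED_UU = encode_uu(CONSTRUCTED_PAYLOAD, "NUEVO FORMULARIO DE PEDIDO 09-3880073016.exe")

if __name__ == "__main__":
    for key, value in triage_uu(CONSTRUCTED_UU).items():
        print(key, value)
```

Hash the decoded bytes rather than the container: the report's second hash set describes the inner .exe, and that is what the sandbox ran and what threat-intel lookups will key on.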
Malware Config
Extracted
agenttesla
Protocol: ftp
Host: ftp://ftp.elquijotebanquetes.com
Port: 21
Username: [email protected]
Password: -GN,s*KH{VEhPmo)+f
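The extracted configuration is directly actionable: the FTP host, port and login are the indicators a defender would hunt for. As an added example that is not part of the report, this Python parses a config block in the form the report prints it, normalises the host and port, and scores constructed network events against it, weighting a bare connection to the C2 host lower than a session that logs in with the extracted username and issues an upload command. The page shows the username only as [email protected], so the config text and event log here are constructed with placeholder credentials; only the host and port come from the report, and the function names are this example's own.

```python
import re
from urllib.parse import urlparse

FIELDS = ("Protocol", "Host", "Port", "Username", "Password")
_FIELD_ALT = "|".join(FIELDS)
# Each value runs until the next "- <Field>:" separator or the end of the text,
# so passwords containing "-" or spaces survive intact.
FIELD_RE = re.compile(
    rf"(?P<key>{_FIELD_ALT}):\s*(?P<val>.*?)(?=\s*-\s*(?:{_FIELD_ALT}):|\s*$)",
    re.DOTALL,
)


def parse_config(text: str) -> dict:
    """Turn an 'Extracted' block (as the report prints it) into normalised fields."""
    raw = {m.group("key").lower(): m.group("val").strip() for m in FIELD_RE.finditer(text)}
    missing = [f.lower() for f in FIELDS if f.lower() not in raw]
    if missing:
        raise ValueError(f"config block missing fields: {missing}")
    host = raw["host"] if "://" in raw["host"] else raw["protocol"].lower() + "://" + raw["host"]
    return {
        "protocol": raw["protocol"].lower(),
        "host": urlparse(host).hostname,          # strips the ftp:// scheme the config carries
        "port": int(raw["port"]),
        "username": raw["username"],
        "password": raw["password"],
    }


def score_event(config: dict, ev: dict) -> tuple[int, list[str]]:
    """Score one network event against the extracted config; 0 means no match."""
    score, reasons = 0, []
    if (ev.get("dst_host") or "").lower() == config["host"] and ev.get("dst_port") == config["port"]:
        # A shared FTP host may also carry benign traffic, so host:port alone is a weak signal.
        score += 1
        reasons.append(f"destination {config['host']}:{config['port']} matches extracted config")
        if (ev.get("ftp_user") or "").lower() == config["username"].lower():
            score += 2
            reasons.append("FTP USER matches the extracted credential")
        if (ev.get("ftp_cmd") or "").upper().startswith(("STOR", "APPE")):
            score += 2
            reasons.append("upload command on the C2 session (likely exfiltration)")
    return score, reasons


def triage_events(config_text: str, events: list[dict]) -> list[dict]:
    """Return the events that match the config, strongest first."""
    config = parse_config(config_text)
    hits = []
    for ev in events:
        score, reasons = score_event(config, ev)
        if score:
            hits.append({"ts": ev["ts"], "score": score, "reasons": reasons})
    hits.sort(key=lambda h: -h["score"])
    return hits


# Constructed copy of the report's config line; host and port are the report's,
# the credentials are placeholders.
CONSTRUCTED_CONFIG_TEXT = (
    "Protocol: ftp - Host: ftp://ftp.elquijotebanquetes.com - Port: 21"
    " - Username: exfil@example.com - Password: hunter2"
)

# Constructed FTP/TCP events as a network sensor might log them.
CONSTRUCTED_EVENTS = [
    {"ts": "2024-03-29T10:01:02Z", "dst_host": "ftp.elquijotebanquetes.com", "dst_port": 21,
     "ftp_user": "exfil@example.com", "ftp_cmd": "STOR report.html"},
    {"ts": "2024-03-29T10:01:05Z", "dst_host": "ftp.elquijotebanquetes.com", "dst_port": 21,
     "ftp_user": "webmaster@example.com", "ftp_cmd": "LIST"},
    {"ts": "2024-03-29T10:02:00Z", "dst_host": "cdn.example.net", "dst_port": 443,
     "ftp_user": None, "ftp_cmd": None},
]

if __name__ == "__main__":
    for hit in triage_events(CONSTRUCTED_CONFIG_TEXT, CONSTRUCTED_EVENTS):
        print(hit["ts"], hit["score"], "; ".join(hit["reasons"]))
```

The credential in the config is as useful as the host: the attacker's FTP account is typically a compromised legitimate mailbox or hosting account, so blocking only the hostname misses the case where the same account is reused on another server.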
Targets
-
-
Target
NUEVO FORMULARIO DE PEDIDO 09-3880073016.exe
-
Size
545KB
-
MD5
0190b6953075d9f2fea81a4a87923a9b
-
SHA1
8e87dd95f7737985e66e7457eb311308b14a852d
-
SHA256
32ddc65c90c3523836657a9472f615d480ea7fac2da9a7912685fe60559ecde4
-
SHA512
7ddea43aa1350a9c630ce22659d9f77b756fa721e9cbe2afd8c3c80ca571f779175afedae84aa0a71d6ed31f4347a03076914b37413a17bc8f78a0eb9d79800c
-
SSDEEP
12288:hYV6MorX7qzuC3QHO9FQVHPF51jgcrnHoOO6TrtzwChkunt6G:2BXu9HGaVH7oWTZBhR
-
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer written in Visual Basic. It harvests credentials and keystrokes and exfiltrates them over SMTP, FTP or HTTP; in this sample the extracted configuration points at the FTP account listed above.
-
Looks up external IP address via web service
Queries a legitimate public IP lookup service to learn the infected host's external IP address, which the stealer includes in its exfiltrated reports. The request itself is benign-looking, so it is a supporting indicator rather than a block-worthy one.
-
AutoIt Executable
An AutoIt script compiled into a PE executable. The interpreter stub wraps the script, a packaging commonly used as a loader that decrypts and injects the real payload at runtime.
-
Suspicious use of SetThreadContext
SetThreadContext rewrites a thread's registers, including its instruction pointer. In malware it usually follows writing a payload into a suspended process and resuming it at the injected entry point (process hollowing or a similar injection), which is consistent with an AutoIt loader handing off to the Agent Tesla payload.
-