General
- Target: FACTURA.exe
- Size: 1.1MB
- Sample: 240403-m8kj5acd6x
- MD5: ac0e9865c24a0678d2cee67a7e91ab80
- SHA1: 1523c2eced8c66d9996b714db621309f93617a51
- SHA256: 6102e8a27367b379714554fc2034d631e6f0eb83b465ecb0263171c3a397b51a
- SHA512: b72c5e8fcfac228f23f5b978a366be8e89aaf08892bbc2b745dafcea5d05101d734a655a745340e27bdf30b0939c1c938ff5f441709b64c1447c45bc145cb7d8
- SSDEEP: 24576:1qDEvCTbMWu7rQYlBQcBiT6rprG8ajRCwb1VbtyBhKEA2Z:1TvC/MTQYxsWR7ajQwb3btkhhb
Tasks
- Static task: static1
- Behavioral task: behavioral1 (Sample: FACTURA.exe, Resource: win7-20240221-es)
- Behavioral task: behavioral2 (Sample: FACTURA.exe, Resource: win10v2004-20240226-es)
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.cash4cars.nz
- Port: 587
- Username: [email protected]
- Password: logs2024!
- Email To: [email protected]
Targets
- Target: FACTURA.exe (1.1MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General)
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext