General
- Target: DHL867888_factura_commerciale.pdf.exe
- Size: 1.1MB
- Sample: 240406-fbdxrabd76
- MD5: 9842d8bba2d48e81380868e0b5b41190
- SHA1: ba5b360e9ac680e69e08a0a25f124b4a37865272
- SHA256: 72d37fd4fd8aaa1bd6dd8fb6fc57bd50bf297fb4622aaba860af4cbcfe9aa7f1
- SHA512: bacdd5c229e4d8f687242c8b8c1e70ae0149c1613043818806e4d9ed07ff6ee5c1af3758ec4a6767ef376984102ff01867b5759f412158a0edbac212d764fb1b
- SSDEEP: 24576:qqDEvCTbMWu7rQYlBQcBiT6rprG8asGfKH31Sdj:qTvC/MTQYxsWR7asGCX1
Static task
- static1

Behavioral task
- behavioral1
- Sample: DHL867888_factura_commerciale.pdf.exe
- Resource: win7-20240221-en

Behavioral task
- behavioral2
- Sample: DHL867888_factura_commerciale.pdf.exe
- Resource: win10v2004-20240226-en
Malware Config
Extracted: agenttesla
- Protocol: ftp
- Host: ftp://ftp.elquijotebanquetes.com
- Port: 21
- Username: [email protected]
- Password: -GN,s*KH{VEhPmo)+f
Targets
- Target: DHL867888_factura_commerciale.pdf.exe
- Size: 1.1MB
- MD5: 9842d8bba2d48e81380868e0b5b41190
- SHA1: ba5b360e9ac680e69e08a0a25f124b4a37865272
- SHA256: 72d37fd4fd8aaa1bd6dd8fb6fc57bd50bf297fb4622aaba860af4cbcfe9aa7f1
- SHA512: bacdd5c229e4d8f687242c8b8c1e70ae0149c1613043818806e4d9ed07ff6ee5c1af3758ec4a6767ef376984102ff01867b5759f412158a0edbac212d764fb1b
- SSDEEP: 24576:qqDEvCTbMWu7rQYlBQcBiT6rprG8asGfKH31Sdj:qTvC/MTQYxsWR7asGCX1
- Score: 10/10

Signatures
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext