General

  • Target

    DHL867888_factura_commerciale.pdf.exe

  • Size

    1.1MB

  • Sample

    240406-fbdxrabd76

  • MD5

    9842d8bba2d48e81380868e0b5b41190

  • SHA1

    ba5b360e9ac680e69e08a0a25f124b4a37865272

  • SHA256

    72d37fd4fd8aaa1bd6dd8fb6fc57bd50bf297fb4622aaba860af4cbcfe9aa7f1

  • SHA512

    bacdd5c229e4d8f687242c8b8c1e70ae0149c1613043818806e4d9ed07ff6ee5c1af3758ec4a6767ef376984102ff01867b5759f412158a0edbac212d764fb1b

  • SSDEEP

    24576:qqDEvCTbMWu7rQYlBQcBiT6rprG8asGfKH31Sdj:qTvC/MTQYxsWR7asGCX1

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://ftp.elquijotebanquetes.com
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    -GN,s*KH{VEhPmo)+f

Targets

    • Target

      DHL867888_factura_commerciale.pdf.exe

    • Size

      1.1MB

    • MD5

      9842d8bba2d48e81380868e0b5b41190

    • SHA1

      ba5b360e9ac680e69e08a0a25f124b4a37865272

    • SHA256

      72d37fd4fd8aaa1bd6dd8fb6fc57bd50bf297fb4622aaba860af4cbcfe9aa7f1

    • SHA512

      bacdd5c229e4d8f687242c8b8c1e70ae0149c1613043818806e4d9ed07ff6ee5c1af3758ec4a6767ef376984102ff01867b5759f412158a0edbac212d764fb1b

    • SSDEEP

      24576:qqDEvCTbMWu7rQYlBQcBiT6rprG8asGfKH31Sdj:qTvC/MTQYxsWR7asGCX1

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks