General

  • Target

    25042024_0342_24042024_comprobante_9887887.tar

  • Size

    1KB

  • Sample

    240425-d9pqssef54

  • MD5

    b375dbd9350493ebab3d0d1a66b28a5a

  • SHA1

    99f2f6e73bc6469080bba4ecd21c774b324a39c4

  • SHA256

    4b00ec7fa5bb5ab25e79bea3342db01444604bb0c83618a474d2f57501db9947

  • SHA512

    10d940a592be884b370ad8b37b81dcb3a1d7066b78b846ffc5f7e053e731d37c3d429c21ab83afafec55047d1552c7db47146f43d067c1b800bf350c5687ffc3

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://ftp.fosna.net
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    =A+N^@~c]~#I

Targets

    • Target

      comprobante_9887887.js

    • Size

      5KB

    • MD5

      39f9206f83d0141caec19300d528fd57

    • SHA1

      c78e336bd902973b64108eb003aeb0a92e48bf26

    • SHA256

      a09d8c7cd5db2add2d2aba1810a14afb1f602dd81db92e6f4889d93dfaf455f0

    • SHA512

      b4670af49b60cde81064d4971498b84d38f94b35b49b01c97573eb3ed73870cf0afbb0496f174addec58f3ef435cbf78dd4a20a09f930d44196f72142e9a5097

    • SSDEEP

      96:QcbRUp/NhXhqan4JvvommR39pfh24meHBhmeRqmeRdmeRbmeRoBgmeFFcKRUpl9h:z6rxqqpz+D60S

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to determine the infected system's external IP address.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks