General
Target: 25042024_0342_24042024_comprobante_9887887.tar
Size: 1KB
Sample: 240425-d9pqssef54
MD5: b375dbd9350493ebab3d0d1a66b28a5a
SHA1: 99f2f6e73bc6469080bba4ecd21c774b324a39c4
SHA256: 4b00ec7fa5bb5ab25e79bea3342db01444604bb0c83618a474d2f57501db9947
SHA512: 10d940a592be884b370ad8b37b81dcb3a1d7066b78b846ffc5f7e053e731d37c3d429c21ab83afafec55047d1552c7db47146f43d067c1b800bf350c5687ffc3
Static task: static1
Behavioral task: behavioral1
Sample: comprobante_9887887.js
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: comprobante_9887887.js
Resource: win10v2004-20240412-en
Malware Config
Extracted: agenttesla
Protocol: ftp
Host: ftp://ftp.fosna.net
Port: 21
Username: [email protected]
Password: =A+N^@~c]~#I
Targets
Target: comprobante_9887887.js
Size: 5KB
MD5: 39f9206f83d0141caec19300d528fd57
SHA1: c78e336bd902973b64108eb003aeb0a92e48bf26
SHA256: a09d8c7cd5db2add2d2aba1810a14afb1f602dd81db92e6f4889d93dfaf455f0
SHA512: b4670af49b60cde81064d4971498b84d38f94b35b49b01c97573eb3ed73870cf0afbb0496f174addec58f3ef435cbf78dd4a20a09f930d44196f72142e9a5097
SSDEEP: 96:QcbRUp/NhXhqan4JvvommR39pfh24meHBhmeRqmeRdmeRbmeRoBgmeFFcKRUpl9h:z6rxqqpz+D60S
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Blocklisted process makes network request
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence.
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext