General
Target: dff5620e2928f79b1959f4b53fd1c4960bf3be30c1a6550f458ece581283e8d5
Size: 625KB
Sample: 240426-cgffzshb7s
MD5: a6ddaed14abf0d503917fcca87a2b3d7
SHA1: 5e001d7bc3119a59666a05d0f11c727b06d22d66
SHA256: dff5620e2928f79b1959f4b53fd1c4960bf3be30c1a6550f458ece581283e8d5
SHA512: 90e50d8a225a4602850b9a5a5689620d62c014eb7951e6812a7cd2e401461593812c8deb20b3e142f30c40c0ef7366f61ac5c00517b3173f626831bbe5b8180e
SSDEEP: 12288:pflyXCMrC3bX+YviRbeq8BHdAoJmhy58RJAqoCIaUcBg0/Oct43QimyU:B+CMrCZiRCPB9AobMqqorcO2eU
Static task
static1

Behavioral task
behavioral1
Sample: Proforma invoice.exe
Resource: win7-20240215-en

Behavioral task
behavioral2
Sample: Proforma invoice.exe
Resource: win10v2004-20240412-en
Malware Config
Extracted
Protocol: smtp
Host: smtp.tecnical-mx.com
Port: 587
Username: azucena.pantoja@tecnical-mx.com
Password: ()WM*^(6

Extracted
agenttesla
Protocol: smtp
Host: smtp.tecnical-mx.com
Port: 587
Username: azucena.pantoja@tecnical-mx.com
Password: ()WM*^(6
Email To: azucena.pantoja@tecnical-mx.com
Targets
Target: Proforma invoice.exe
Size: 1.0MB
MD5: 128c4302ce0ac77fbf3036ecfef5b188
SHA1: c695f5001043549499e809e2108c8c737a9295bb
SHA256: 771c61f1816431acb621234047df7cbd9c1434e919b824c9b565186d1099d876
SHA512: 9cfe4d68a661b9e251612ce4ecd18d2686c933a61400c8de41c43096a71b64a5ffaa2378ba759e05d038add0f469d90a98e4bf4e209f430339d69ecad44996bc
SSDEEP: 24576:2AHnh+eWsN3skA4RV1Hom2KXMmHam6O2mMy5:Rh+ZkldoPK8Yam/20
Score: 10/10

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext