General
-
Target
c11f99b7c2f0e5e8dcfa64160447e7e9360d37819070a56ad33b9c19123b9788
-
Size
523KB
-
Sample
240522-q88hqsdg8y
-
MD5
c6efd3de1608f350a61a6ef9cfd3d34b
-
SHA1
e441135262f33ac34fc4a79dff514dfacf752eab
-
SHA256
c11f99b7c2f0e5e8dcfa64160447e7e9360d37819070a56ad33b9c19123b9788
-
SHA512
9d04445d15fb8c9c70780b479931edba3f4806af323e1f77fd3e7a22cfb7c759cc24a44b4a9d7ddbb2103276c6a6216f795e88edc46c8fa42f4b58a5e6384295
-
SSDEEP
12288:CApn1nVEUkfP6Xex/yoLIkz0HhLiK6j09GWdEif:CAR9qbK2nL0Nde+f
Static task
static1
Behavioral task
behavioral1
Sample
Nuevo orden _5464850.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
Nuevo orden _5464850.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.grupovamex.com - Port:
21 - Username:
[email protected] - Password:
tTgUWMBntHIE
Targets
-
-
Target
Nuevo orden _5464850.exe
-
Size
1013KB
-
MD5
fdcfe0864d9cac72b71057f9c8da739b
-
SHA1
1f04dbd0ee5eb73fa1850482569bd591c5d8f113
-
SHA256
ee209e95e1342d3ace87643a6a9d06d4a7f020837efad000502ff226b31b2e86
-
SHA512
3443b5436be3d8158b3a65f05b074f6ef359ac677de4b32a49441372d7fab7dc2a9bba7f4d5c4529e6aec63b02da6f3785834a2a5fdf3ac9fcc9aa62a3f2242f
-
SSDEEP
24576:XAHnh+eWsN3skA4RV1Hom2KXMmHac2Qm2YZ1Ziwx5:Kh+ZkldoPK8Yac2QmT15
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Suspicious use of SetThreadContext
-