Overview
overview
10Static
static
10000004025...57.eml
windows7-x64
50000004025...57.eml
windows10-2004-x64
3PEDIDO 4500998957.eml
windows7-x64
5PEDIDO 4500998957.eml
windows10-2004-x64
3PM910255_P..._1.rar
windows7-x64
3PM910255_P..._1.rar
windows10-2004-x64
3PM910255_P..._1.exe
windows7-x64
10PM910255_P..._1.exe
windows10-2004-x64
10email-html-1.html
windows7-x64
1email-html-1.html
windows10-2004-x64
1email-plain-1.txt
windows7-x64
1email-plain-1.txt
windows10-2004-x64
1General
-
Target
0000004025-Fwd_ PEDIDO 4500998957.eml
-
Size
1.1MB
-
Sample
240522-svg5qsfg79
-
MD5
a5c8f06b31d03180caa1ac71e7cab884
-
SHA1
9bfd7a63bd3327e1dec634ec6920c40aa746bf5a
-
SHA256
e71d36e70599a6a1feef32910c636e9b63a82e3b1c95ba1c22d8c8627daf89f0
-
SHA512
36b90bb687017a511848ad41067d20334b509eb907c7f4b34a57062bf024817de73778f84056389c09bb0057a0efd45b0a518e60755b27e2911208e1fc42bf14
-
SSDEEP
24576:XoE3U7xeuwxRpLAsbVszOSPdlT7b9Ta+8L7:XA9wA6WJP5Av
Static task
static1
Behavioral task
behavioral1
Sample
0000004025-Fwd_ PEDIDO 4500998957.eml
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
0000004025-Fwd_ PEDIDO 4500998957.eml
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
PEDIDO 4500998957.eml
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
PEDIDO 4500998957.eml
Resource
win10v2004-20240508-en
Behavioral task
behavioral5
Sample
PM910255_PRD0000416382_1.rar
Resource
win7-20240220-en
Behavioral task
behavioral6
Sample
PM910255_PRD0000416382_1.rar
Resource
win10v2004-20240426-en
Behavioral task
behavioral7
Sample
PM910255_PRD0000416382_1.exe
Resource
win7-20231129-en
Behavioral task
behavioral8
Sample
PM910255_PRD0000416382_1.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral9
Sample
email-html-1.html
Resource
win7-20240419-en
Behavioral task
behavioral10
Sample
email-html-1.html
Resource
win10v2004-20240508-en
Behavioral task
behavioral11
Sample
email-plain-1.txt
Resource
win7-20240221-en
Behavioral task
behavioral12
Sample
email-plain-1.txt
Resource
win10v2004-20240508-en
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.midhcodistribuciones.com - Port:
21 - Username:
[email protected] - Password:
,A7}+JV4KExQ
Extracted
Protocol: ftp- Host:
ftp.midhcodistribuciones.com - Port:
21 - Username:
[email protected] - Password:
,A7}+JV4KExQ
Targets
-
-
Target
0000004025-Fwd_ PEDIDO 4500998957.eml
-
Size
1.1MB
-
MD5
a5c8f06b31d03180caa1ac71e7cab884
-
SHA1
9bfd7a63bd3327e1dec634ec6920c40aa746bf5a
-
SHA256
e71d36e70599a6a1feef32910c636e9b63a82e3b1c95ba1c22d8c8627daf89f0
-
SHA512
36b90bb687017a511848ad41067d20334b509eb907c7f4b34a57062bf024817de73778f84056389c09bb0057a0efd45b0a518e60755b27e2911208e1fc42bf14
-
SSDEEP
24576:XoE3U7xeuwxRpLAsbVszOSPdlT7b9Ta+8L7:XA9wA6WJP5Av
Score5/10-
Drops file in System32 directory
-
-
-
Target
PEDIDO 4500998957.eml
-
Size
1.1MB
-
MD5
95f5102193b2eb98a06920263efc61bb
-
SHA1
35d0d603039e15c0a9778768654e2992d8279420
-
SHA256
fa060b11b5143a3ef50ea1338732487ee8b21af63663de8454fd12091221a0e5
-
SHA512
20ec04e0992f21091ba4d31cc463129a2047927d5a0ce6d49705e078fa38ac8830ca158c668a71f236ac6493c103aa28ab9b134e94ad7a2f1a3cfcaf80b31781
-
SSDEEP
24576:3oE3U7xeuwxRpLAsbVszOSPdlT7b9Ta+8L6:3A9wA6WJP5A2
Score5/10-
Drops file in System32 directory
-
-
-
Target
PM910255_PRD0000416382_1.gz
-
Size
654KB
-
MD5
4341cd61188b355f1094c974c0797453
-
SHA1
813d1ebc8e4911a53277a8f33f9384e95b572d7e
-
SHA256
70618f81836249b022347e4421f300095e818bbd2cc038fa492b31ed2b625879
-
SHA512
10481bf16f778592f0adae495cd5d7633d51c6750256ec959255db3cfe89165f5dfc38dcfea95123741dc75d34263bd907bbfbce6abcee77834b8f122de01754
-
SSDEEP
12288:b/Z4CvrqK7ZfLXOhk39SMhwAuKRryTSNGbPIYhGldnth7LsQK:bRRrqKFLXxgMhwI4TWGfGlx/K
Score3/10 -
-
-
Target
PM910255_PRD0000416382_1.exe
-
Size
684KB
-
MD5
31dca7777866e958168b30a052d54d2d
-
SHA1
f79ad5c35e2e71eddeebaa5198c024d4cef269ba
-
SHA256
d8887cf7af1f39ffeb6b4639ce98e5d49c16be4818d317f6a96b126c94b3b271
-
SHA512
85d2d3bb37ac84f695770302e0b5447a2cb6c7c50949e6f9739c61fd9e76aadcafa1003d17a9afe436ed0e4cbf103ccad38528aa4291f9b6db4941fc0a0bd212
-
SSDEEP
12288:Qfi27XkJNLFnt/e47dNGh36xQODwjihjVH/M5/Sqkxbv0bkR:6hOZhTB01gQOQihh05/Sqkd1
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-
-
-
Target
email-html-1.txt
-
Size
181KB
-
MD5
4c867386d2a41e98969078960aeebe04
-
SHA1
17f4db1a694523b1b6d82a5588a82631034539d3
-
SHA256
ba8d4e9be076977284c6c53f61164c08f134d4bc73b5619b1422dfbacfc53644
-
SHA512
6e2faae7342280ed7e4a276ef2c3d1f6fde7b590327739adea38eaadeac5a16aa3e7e7692f0f3688fffd828452a625e88425c9803826d0eb57bfeedc2b524100
-
SSDEEP
3072:za7Mu4/pesiPc5ENXyxkjZf/oDM+DuFHlxzCanlRBoABEppzgwD8gsk4PrCtaE:za7BQpF5IXnf/oDyHDNlRgvsBmP
Score1/10 -
-
-
Target
email-plain-1.txt
-
Size
55B
-
MD5
d6f1fd5e47ec72981ffa9ca6afbf5937
-
SHA1
77cdee8287a744dd71e4560f1decc767aacfb790
-
SHA256
bf59186334f80d40fdcb94e6f0ce383b3a22c950868363457e33ed1bcf26fc59
-
SHA512
641da7aa02c5abff1090f51410921ed80605d1898457576e5fb9ef2b1ad5edc63b460ea6899deee947559fb71ddb796a1bd4960e6c983c6b4a9dbc92f9da030e
Score1/10 -