General
-
Target
667beb260fc402a9759598e0ee428a5d6df9b9f34fed0bc0f491e39fd063fc7d
-
Size
643KB
-
Sample
240523-cebd9ahf5t
-
MD5
4ae2be1029bb7fb43c44ccff273da924
-
SHA1
1e61319feccdf337ea4d19d9b3f3c02f8412bd2c
-
SHA256
667beb260fc402a9759598e0ee428a5d6df9b9f34fed0bc0f491e39fd063fc7d
-
SHA512
2a4aa625f95a9498bc989a3c0a556070ec144ef38f04752f8d280ea25242733ebf84c6f8735d489b047c7341d4345e45c436b16ad1322c707c9e7af59a5a20e3
-
SSDEEP
12288:yF6vvvFrLTSEO/X8WY3fyVcVx8TlhB8RpwSxE5rVT43PrVU7ZZD8:Dvv9/Sx/gPye6EDxEN467ZZQ
Static task
static1
Behavioral task
behavioral1
Sample
Olivotto Glass MAchinery Order-PDF.exe
Resource
win7-20240221-en
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://eu-west-1.sftpcloud.io - Port:
21 - Username:
e8a17a253c4d40b6a0df898aad32f67b - Password:
RugFalv5wDyjeLFrWC25Q2kWCAS6XObb
Extracted
Protocol: ftp- Host:
eu-west-1.sftpcloud.io - Port:
21 - Username:
e8a17a253c4d40b6a0df898aad32f67b - Password:
RugFalv5wDyjeLFrWC25Q2kWCAS6XObb
Targets
-
-
Target
Olivotto Glass MAchinery Order-PDF.exe
-
Size
666KB
-
MD5
8b67eaaa3b2743e270b215364a52f304
-
SHA1
71ce337b39795fae99bd7ffa0d86a9018646b1cc
-
SHA256
60ea13ca5f6f7c00c959c098387a8d6a9425f2498ec02ad4d66a856f01acc34d
-
SHA512
8c18a08130420e9273f83636fa9d742fd63ca99fc7210e4ed95c0fc4a13c046b6290c3af5da31e2680324793a1bce0f291f080a5b8a164db3a27058aa3ffccfe
-
SSDEEP
12288:F1BYvTv5zLTIkO9X82Y3f6D+V3CTlTH8RpCQxaPrZ/43hr1OpH5D0:FovT1/IR9+PuQc+txKR4OpH5
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-