General
Target: MTM TBA VSL's DETAILS.pdf.lzh
Size: 671KB
Sample: 240603-lnanraac9s
MD5: f08918e8fe97c16b2662ad9b9cbd0ec8
SHA1: 81716c6884e753595ccb4d3a0635869ee548ca40
SHA256: e5a9f67154554cda576be8977ff030c6046a47994d16466a26cf244e2d63b7a4
SHA512: f495d271e096c23908b16881138304854c56804f9b580d89e434eb0860034df5646488b60ef7cf9dd4cd867e344d3dcd1851c7d68892a3808ce737eb9485add7
SSDEEP: 12288:ykxgpXMitb5KoAxCBxVu62gpG3SlixhlfDHKIRek806Y7YJsTO:ykuBUxC9+lWdHpY7LK
Static task: static1
Behavioral task: behavioral1
  Sample: MTM TBA VSL's DETAILS.pdf.scr
  Resource: win7-20240419-en
Behavioral task: behavioral2
  Sample: MTM TBA VSL's DETAILS.pdf.scr
  Resource: win10v2004-20240508-en
Malware Config
Extracted: agenttesla
  Protocol: ftp
  Host: ftp://beirutrest.com
  Port: 21
  Username: [email protected]
  Password: 9yXQ39wz(uL+
Extracted
  Protocol: ftp
  Host: beirutrest.com
  Port: 21
  Username: [email protected]
  Password: 9yXQ39wz(uL+
Targets
Target: MTM TBA VSL's DETAILS.pdf.scr
Size: 843KB
MD5: 6e075d09953e877c0ca9a98ac749dff2
SHA1: a3dc16d79e5487c622c30545a47ac504573e9ea8
SHA256: 50ef75bd66c4bb9ce6001a41b53c0925e98eaed9b94b7125543ffecc0d4ace82
SHA512: 67bb4c0e98751650b4d170dc30d110c035b4115952fda1b725ff73290675d712b9947e79f7f424df2b2e9a40d9bddbbe33bbc1147552c99ee0c0da8cc3a0d550
SSDEEP: 24576:3MYeLSN5iFoayUfVtUv6LPg/Vv82DFF4:3MYeGN5iFZyMNzg/2wFF4
Score: 10/10
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext