General
Target: Description CALIPSO dd 26.03.2024.doc.lzh
Size: 671KB
Sample: 240603-malpjaba6s
MD5: 8ca580921d7548d4a269d531eb6662b5
SHA1: 00bfd0f1ade33416cf8a698ecce28212b78512af
SHA256: 5a9c5ed46fc46eeb7a5a425d17825ff2e36334e4fd94917768298b0327aaf1a8
SHA512: d56048c47a937dc87e7b6819b123e50090610a8fa54f3fddbc0547f992349470af6d07b14387f144efafe3f9ea41fe84ac7b5e21cca4473d1bd2cf740ee79ad5
SSDEEP: 12288:AkxgpXMitb5KoAxCBxVu62gpG3SlixhlfDHKIRek806Y7YJsTO:AkuBUxC9+lWdHpY7LK
Static task: static1
Behavioral task: behavioral1
- Sample: Description CALIPSO dd 26.03.2024.doc.scr
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: Description CALIPSO dd 26.03.2024.doc.scr
- Resource: win10v2004-20240426-en
Malware Config
Extracted (agenttesla)
- Protocol: ftp
- Host: ftp://beirutrest.com
- Port: 21
- Username: [email protected]
- Password: 9yXQ39wz(uL+
Extracted
- Protocol: ftp
- Host: beirutrest.com
- Port: 21
- Username: [email protected]
- Password: 9yXQ39wz(uL+
Targets
Target: Description CALIPSO dd 26.03.2024.doc.scr
Size: 843KB
MD5: 6e075d09953e877c0ca9a98ac749dff2
SHA1: a3dc16d79e5487c622c30545a47ac504573e9ea8
SHA256: 50ef75bd66c4bb9ce6001a41b53c0925e98eaed9b94b7125543ffecc0d4ace82
SHA512: 67bb4c0e98751650b4d170dc30d110c035b4115952fda1b725ff73290675d712b9947e79f7f424df2b2e9a40d9bddbbe33bbc1147552c99ee0c0da8cc3a0d550
SSDEEP: 24576:3MYeLSN5iFoayUfVtUv6LPg/Vv82DFF4:3MYeGN5iFZyMNzg/2wFF4
Score: 10/10
Signatures
- AgentTesla
  Agent Tesla is a .NET-based information stealer and remote access tool (RAT), usually described as written in Visual Basic .NET. It harvests credentials, keystrokes and clipboard contents and exfiltrates them over SMTP, FTP or HTTP; the FTP host and credentials in the extracted configuration above are this sample's exfiltration channel. Note that the payload is a .scr executable carrying a .doc double extension inside the LZH archive, not a document.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP, typically right before the first exfiltration so the victim's address can be included in the stolen-data report.
- Suspicious use of SetThreadContext
  SetThreadContext rewrites the register state of another thread. Outside debuggers it is most often seen in process hollowing and related injection techniques, where the entry point of a suspended process is redirected to injected code; on this sample it is consistent with the stealer unpacking itself into a second process.
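The two network behaviours the report records, FTP to the extracted C2 host and an external IP lookup, are the easiest things to hunt for in proxy or flow logs. The script below is an added example and is not part of the sandbox report or of any tool the report describes. It takes the C2 host and port from the extracted configuration above; the list of IP-lookup services is an assumption (the report does not name which one the sample used), as is the five-minute correlation window, the log line format and the sample log lines, all of which are constructed here. It goes beyond the single case on this page by also flagging the general sequence "IP lookup, then FTP from the same client" regardless of destination, which is the typical AgentTesla exfiltration pattern.

```python
"""Network hunt for the AgentTesla indicators in this report.

Added example, not part of the sandbox report. It scans constructed
proxy/flow log lines for (1) FTP to the extracted C2 host, (2) requests to
external IP-lookup services, and (3) the sequence "IP lookup, then FTP from
the same client", which is the typical AgentTesla exfiltration pattern.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# Indicators taken from the extracted configuration in the report.
C2_FTP_HOST = "beirutrest.com"
C2_FTP_PORT = 21

# Assumed list of IP-lookup services; the report does not name the one this
# sample used, so tune this set for your environment.
IP_LOOKUP_HOSTS = {
    "checkip.dyndns.org",
    "api.ipify.org",
    "icanhazip.com",
    "ip-api.com",
    "ifconfig.me",
}

# An IP lookup followed by FTP from the same client within this window is
# treated as one exfiltration sequence (assumed window, tune as needed).
SEQUENCE_WINDOW = timedelta(minutes=5)

# Constructed log format (not from the report):
#   <ISO timestamp> <client ip> <destination host> <destination port> <protocol>
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>[\d.]+)\s+(?P<dst>\S+)\s+(?P<port>\d+)\s+(?P<proto>\S+)$"
)


@dataclass
class Alert:
    rule: str
    client: str
    detail: str


def parse_line(line: str) -> Optional[dict]:
    """Parse one log line; return None for lines that do not match the format."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "client": m["client"],
        "dst": m["dst"].lower(),
        "port": int(m["port"]),
    }


def hunt(lines: List[str]) -> List[Alert]:
    """Run the three detections over log lines, in order, and return alerts."""
    alerts: List[Alert] = []
    last_lookup: Dict[str, datetime] = {}  # client -> time of its last IP lookup
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue  # skip malformed lines instead of aborting the hunt
        if ev["dst"] == C2_FTP_HOST and ev["port"] == C2_FTP_PORT:
            alerts.append(Alert("agenttesla_c2_ftp", ev["client"],
                                f"FTP to {ev['dst']}:{ev['port']}"))
        if ev["dst"] in IP_LOOKUP_HOSTS:
            alerts.append(Alert("external_ip_lookup", ev["client"],
                                f"request to {ev['dst']}"))
            last_lookup[ev["client"]] = ev["ts"]
        elif ev["port"] == 21 and ev["client"] in last_lookup:
            # Generalised: any FTP destination, not only this sample's host.
            if ev["ts"] - last_lookup[ev["client"]] <= SEQUENCE_WINDOW:
                alerts.append(Alert("ip_lookup_then_ftp", ev["client"],
                                    f"IP lookup followed by FTP to {ev['dst']}"))
    return alerts


# Constructed sample log (not captured from the sandbox run).
SAMPLE_LOG = """\
2024-06-03T10:00:01 10.0.0.5 checkip.dyndns.org 80 HTTP
2024-06-03T10:00:07 10.0.0.5 beirutrest.com 21 FTP
2024-06-03T10:03:00 10.0.0.9 updates.example.net 443 HTTPS
2024-06-03T11:30:00 10.0.0.9 api.ipify.org 443 HTTPS
2024-06-03T12:10:00 10.0.0.9 files.example.net 21 FTP
this line is not in the expected format
"""

if __name__ == "__main__":
    for a in hunt(SAMPLE_LOG.splitlines()):
        print(f"[{a.rule}] {a.client}: {a.detail}")
```

On the constructed log, client 10.0.0.5 raises all three alerts (lookup, FTP to the C2 host, and the lookup-then-FTP sequence six seconds later), while 10.0.0.9 raises only the lookup alert because its FTP session comes forty minutes later, outside the window. The sequence rule is deliberately destination-agnostic so it still fires after the actor rotates the FTP host; the cost is that legitimate hosts doing an IP check before an FTP transfer will also match, so tune the window and allow-list known senders.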