General
Target: HORAE - PARTICULARS (0)(0).PDF.lzh
Size: 655KB
Sample: 240612-fdl15s1dpf
MD5: 9203ccb64b84b70dcca636970bd41218
SHA1: 7d761a3eb30d5cdb0266af2cb929cc6e0e44a4e2
SHA256: 0c8b44aa35e6438a0911ca225c587d58d15df669bee027dde8bdb514bd57f39b
SHA512: 686918b95828287cd04610bf33d985a84dfd049dfc7aa4027f9051fadf3cc7c9d7733697ef17db7ab62d4077ec2da9526494a90e4dbb377f4a58eb60eabff4d1
SSDEEP: 12288:sKzgxX1q91MzuC4Yoxo5U7mI6gHNOr7AM8aS6LRV0XX/osnvJ8:sKzgxY1fCloZHNML3LROQn
Static task: static1
Behavioral task: behavioral1
Sample: HORAE - PARTICULARS (0)(0).PDF.scr
Resource: win7-20240611-en
Behavioral task: behavioral2
Sample: HORAE - PARTICULARS (0)(0).PDF.scr
Resource: win10v2004-20240611-en
Malware Config
Extracted: agenttesla
Protocol: ftp
Host: ftp://beirutrest.com
Port: 21
Username: [email protected]
Password: 9yXQ39wz(uL+
Extracted (second extraction, same configuration; the host is recorded without the ftp:// scheme)
Protocol: ftp
Host: beirutrest.com
Port: 21
Username: [email protected]
Password: 9yXQ39wz(uL+
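The extracted configuration is the most useful part of this report for a defender: it names the drop server, the port and the FTP password the sample authenticates with. As an added example (not part of the sandbox report and not code from the sample), the Python below turns the two extractions into a single indicator set, normalising the host so that "ftp://beirutrest.com" and "beirutrest.com" collapse to the same entry, then hunts for matching connections in a constructed Zeek-style conn.log excerpt and for the cleartext FTP password in a constructed control-channel transcript. The username is obfuscated on the report page, so it is not used as an indicator; the log lines, the DNS answer and the FTP transcript are constructed for the example, and the resolved IP is a documentation address.

```python
from urllib.parse import urlparse

# C2 details as extracted in the report above. The username is obfuscated on the
# page, so only host, port and password are usable as indicators.
EXTRACTED_CONFIGS = [
    {"protocol": "ftp", "host": "ftp://beirutrest.com", "port": 21},
    {"protocol": "ftp", "host": "beirutrest.com", "port": 21},
]
EXTRACTED_PASSWORD = "9yXQ39wz(uL+"


def normalise_host(raw: str) -> str:
    """Strip an optional scheme so both extractions produce the same indicator."""
    parsed = urlparse(raw if "://" in raw else "//" + raw)
    return (parsed.hostname or raw).lower()


def indicators(configs) -> set:
    """Set of (hostname, port) pairs to hunt for."""
    return {(normalise_host(c["host"]), int(c["port"])) for c in configs}


# Constructed Zeek-style conn.log excerpt (columns: ts, id.orig_h, id.resp_h,
# id.resp_p, proto, service). Not taken from the report.
SAMPLE_CONN_LOG = """\
1718200001.1\t10.0.0.5\t203.0.113.7\t443\ttcp\tssl
1718200002.2\t10.0.0.5\t198.51.100.9\t21\ttcp\tftp
1718200003.3\t10.0.0.8\t198.51.100.9\t80\ttcp\thttp
"""
# Constructed DNS answer seen on the same sensor; 198.51.100.9 is a documentation address.
SAMPLE_DNS_ANSWERS = {"beirutrest.com": "198.51.100.9"}


def find_c2_connections(conn_log: str, dns_answers: dict, iocs: set) -> list:
    """Return connections whose destination resolved from an IOC hostname on an IOC port."""
    ip_to_name = {ip: name for name, ip in dns_answers.items()}
    hits = []
    for line in conn_log.splitlines():
        ts, orig_h, resp_h, resp_p, proto, service = line.split("\t")
        name = ip_to_name.get(resp_h)
        if name and (name, int(resp_p)) in iocs:
            hits.append({"ts": ts, "src": orig_h, "dst": name, "dst_ip": resp_h,
                         "port": int(resp_p), "service": service})
    return hits


# Constructed FTP control-channel transcript (client commands only). The USER line
# is a placeholder because the real account name is obfuscated on the report page.
SAMPLE_FTP_SESSION = "USER <redacted>\r\nPASS 9yXQ39wz(uL+\r\nTYPE I\r\nSTOR report.html\r\n"


def ftp_session_uses_extracted_password(session: str) -> bool:
    """FTP authenticates in cleartext, so the PASS command ties a session to this
    config even if the operator moves the drop server to a different host."""
    for line in session.splitlines():
        if line.upper().startswith("PASS ") and line[5:].strip() == EXTRACTED_PASSWORD:
            return True
    return False
```

Matching on the password as well as the host is deliberate: AgentTesla operators commonly reuse one compromised FTP or mail account across many builds, so the credential outlives any single hostname. Do not authenticate to the server with the extracted credentials; the host is most likely a compromised legitimate site and should be reported to its owner.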
Targets
Target: HORAE - PARTICULARS (0)(0).PDF.scr
Size: 676KB
MD5: 11fc68bb6dd5ab9c2c09d7e2a948c517
SHA1: 895cc048a0e68e313b1c86f201af51973aad0ab1
SHA256: c439d590023f8a1aac0da090ccc0d54a51d0976a451bd3852088c753a3bf920e
SHA512: fff6b8f41daaf0259957630ca411b3b246ba8816b984b7f14d1c3e2a601fb4c5dad2368534576c49318ea6baf46efe5fa64fb2169c391f090f8109f875cd0af1
SSDEEP: 12288:JgR2iNStcY+JeVUdzKB+4FaEiHMKiMZnpDsxsWnC/7lQiqK3LiqWxMc:JgR1McROWzkFajHqCpJWCiKbiqWq
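The two hash tables above (the .lzh archive in General and the .scr it unpacks to) are what a responder would check a suspect attachment against, and the file name shows the lure: a screensaver executable named so that "PDF" is the last thing a user reads before the real extension. As an added example, not part of the sandbox report, the Python below computes the same digests the report lists for a local file, compares its SHA256 against the report's entries, and flags the double-extension pattern (a document extension immediately followed by an executable one). The hash values are copied from the report; the byte strings and file names the functions are exercised with are constructed. ssdeep is left out because it needs a non-stdlib module.

```python
import hashlib
from pathlib import PurePath

# Digests copied from the sandbox report above: the archive and the .scr inside it.
REPORT_IOCS = {
    "HORAE - PARTICULARS (0)(0).PDF.lzh": {
        "md5": "9203ccb64b84b70dcca636970bd41218",
        "sha1": "7d761a3eb30d5cdb0266af2cb929cc6e0e44a4e2",
        "sha256": "0c8b44aa35e6438a0911ca225c587d58d15df669bee027dde8bdb514bd57f39b",
    },
    "HORAE - PARTICULARS (0)(0).PDF.scr": {
        "md5": "11fc68bb6dd5ab9c2c09d7e2a948c517",
        "sha1": "895cc048a0e68e313b1c86f201af51973aad0ab1",
        "sha256": "c439d590023f8a1aac0da090ccc0d54a51d0976a451bd3852088c753a3bf920e",
    },
}

# A .scr file is a PE image that Windows runs exactly like an .exe; the other
# extensions here are likewise executed on double-click.
EXECUTABLE_EXTS = {".scr", ".exe", ".pif", ".com", ".cpl"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".rtf"}


def hash_bytes(data: bytes) -> dict:
    """Return the four digests the report lists (md5, sha1, sha256, sha512)."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def match_report(data: bytes) -> list:
    """Names of report entries whose SHA256 equals the digest of these bytes."""
    digest = hashlib.sha256(data).hexdigest()
    return [name for name, hashes in REPORT_IOCS.items() if hashes["sha256"] == digest]


def is_masquerading(filename: str) -> bool:
    """True when a document extension is immediately followed by an executable one,
    e.g. 'something.PDF.scr'. Case is ignored because Windows ignores it too."""
    suffixes = [s.lower() for s in PurePath(filename).suffixes]
    return (len(suffixes) >= 2
            and suffixes[-1] in EXECUTABLE_EXTS
            and suffixes[-2] in DOCUMENT_EXTS)


def triage(filename: str, data: bytes) -> dict:
    """One-shot summary for an attachment: digests, known-bad match, naming trick."""
    return {
        "file": filename,
        "hashes": hash_bytes(data),
        "known_sample": match_report(data),
        "double_extension": is_masquerading(filename),
    }
```

The archive wrapper matters for the gateway rule: the executable only acquires the .scr name after the .lzh is unpacked, and LZH is a format many mail filters do not expand, so a check like this should run on extracted members as well as on the attachment itself.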
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) and information stealer written in .NET (Visual Basic); the configuration extracted above shows this build exfiltrating over FTP.
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext
Changing another thread's context is the usual final step of process hollowing: the loader starts a process suspended, writes its payload into it and redirects the thread's entry point before resuming, so the stealer runs under a process name other than the .scr. When reviewing the process tree, look for a child started in the suspended state by the sample.