General
Target: Comanda de achiziție OP nr. 1068 16-01-2024.PDF.uu
Size: 571KB
Sample: 240617-q2c39axemr
MD5: 208d82a3d485c42615764112ed6ccb45
SHA1: f4da54238f166b12976d7093afe1e02eda696181
SHA256: 85b51b3b37304a48bde9bbc3fb8f5716881d4b23558cbc3a7f75f5952cd702d8
SHA512: fba807328b84154128ea8fb4d6a692b173654aef6b36b60da0efee25f99600597725bbd5257ac7edb2bae16d1e88a11cc244d9a23e8b11c92fe5fb63be539e0b
SSDEEP: 12288:o+XE802KEn7GFLTR0AjICkXj2hDjrMcQY7QDX7v4cz59VSH4Kp7p:o8n6LKgs21u59l9MH4E7p
Static task: static1
Behavioral task: behavioral1
  Sample: Comanda de achiziție OP nr. 1068 16-01-2024.PDF.exe
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: Comanda de achiziție OP nr. 1068 16-01-2024.PDF.exe
  Resource: win10v2004-20240611-en
Malware Config
Extracted: agenttesla
Protocol: ftp
Host: ftp://ftp.elquijotebanquetes.com
Port: 21
Username: [email protected]
Password: q.15SE~j1@};
Targets
Target: Comanda de achiziție OP nr. 1068 16-01-2024.PDF.exe
Size: 953KB
MD5: e225778e232a809b808a85cd37b6b023
SHA1: 87810642faecfe1941aefe38a4d533b2f03fe0b6
SHA256: bdf3153153271139582805fb6c9e1e0ecea85c53420c1228597c1b137bbc8a4c
SHA512: 49fe9554657d923439d3ab2dc3d29fe120ca2b00ef98ce2b3fe633cb48c81670d0eb2b61cc3c7ffc9bcaf8860a1582a368898422b1beadc9c80e76d839f7a06f
SSDEEP: 24576:pRmJkcoQricOIQxiZY1iaM/U4JnOnnUgWzZ/Vmn7q:mJZoQrbTFZY1iaM/vBGUg4mn2
Score: 10/10
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext