General

  • Target

    Comanda de achiziție OP nr. 1068 16-01-2024.PDF.uu

  • Size

    571KB

  • Sample

    240617-q2c39axemr

  • MD5

    208d82a3d485c42615764112ed6ccb45

  • SHA1

    f4da54238f166b12976d7093afe1e02eda696181

  • SHA256

    85b51b3b37304a48bde9bbc3fb8f5716881d4b23558cbc3a7f75f5952cd702d8

  • SHA512

    fba807328b84154128ea8fb4d6a692b173654aef6b36b60da0efee25f99600597725bbd5257ac7edb2bae16d1e88a11cc244d9a23e8b11c92fe5fb63be539e0b

  • SSDEEP

    12288:o+XE802KEn7GFLTR0AjICkXj2hDjrMcQY7QDX7v4cz59VSH4Kp7p:o8n6LKgs21u59l9MH4E7p

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://ftp.elquijotebanquetes.com
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    q.15SE~j1@};

Targets

    • Target

      Comanda de achiziție OP nr. 1068 16-01-2024.PDF.exe

    • Size

      953KB

    • MD5

      e225778e232a809b808a85cd37b6b023

    • SHA1

      87810642faecfe1941aefe38a4d533b2f03fe0b6

    • SHA256

      bdf3153153271139582805fb6c9e1e0ecea85c53420c1228597c1b137bbc8a4c

    • SHA512

      49fe9554657d923439d3ab2dc3d29fe120ca2b00ef98ce2b3fe633cb48c81670d0eb2b61cc3c7ffc9bcaf8860a1582a368898422b1beadc9c80e76d839f7a06f

    • SSDEEP

      24576:pRmJkcoQricOIQxiZY1iaM/U4JnOnnUgWzZ/Vmn7q:mJZoQrbTFZY1iaM/vBGUg4mn2

    • AgentTesla

      Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, commonly written in Visual Basic .NET. It harvests credentials and keystrokes and exfiltrates them over SMTP, FTP, HTTP or Telegram; the FTP server, port and account in the extracted config above are this sample's exfiltration channel.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      SetThreadContext is the API that process-hollowing and similar injection loaders use to redirect a suspended thread into code they have written into another process. Agent Tesla droppers commonly decrypt the real payload in memory and inject it this way instead of writing it to disk, so the decoded .exe should be treated as a loader and the injected child process is where the stealer runs.

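The report lists a .PDF.uu attachment under General and, under Targets, the .PDF.exe it decodes to. The following added example (not code from the sandbox report or from Agent Tesla) shows the triage step between those two entries: decoding a uuencoded container, hashing the payload the way the report does, and flagging the document-lookalike double extension and the MZ header. The attachment body, the file name and the payload bytes it uses are constructed stand-ins, not the sample on this page.

```python
"""Triage helper for a uuencoded mail attachment (added example)."""
import binascii
import hashlib
import re

# Constructed stand-in for the decoded attachment: an "MZ" header followed
# by filler bytes. This is NOT the sample from the report; it only exists so
# the decoder, hashing and name checks can be exercised offline.
FAKE_PAYLOAD = b"MZ" + bytes(range(256)) * 3 + b"\x00" * 7

BEGIN_RE = re.compile(r"^begin\s+([0-7]{3,4})\s+(.+?)\s*$")

# Extensions that run when double-clicked, and the document/image types an
# attacker puts in front of them ("Invoice.PDF.exe"). Both lists are assumptions.
EXEC_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".hta", ".lnk"}
DOC_EXT = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}


def uuencode(name: str, data: bytes, mode: str = "644") -> str:
    """Build a uuencoded body; used here only to construct the test sample."""
    lines = [f"begin {mode} {name}"]
    for off in range(0, len(data), 45):  # uuencode carries 45 raw bytes per line
        lines.append(binascii.b2a_uu(data[off:off + 45]).decode("ascii").rstrip("\n"))
    lines.append("`")  # zero-length line that terminates the data
    lines.append("end")
    return "\n".join(lines) + "\n"


def uudecode(text: str) -> tuple[str, bytes]:
    """Decode a uuencoded body and return (declared file name, raw bytes).

    A missing 'begin' or 'end' raises ValueError so a truncated container
    is never silently reported as a clean, fully decoded file.
    """
    it = iter(text.splitlines())
    name = None
    for line in it:
        m = BEGIN_RE.match(line)
        if m:
            name = m.group(2)
            break
    if name is None:
        raise ValueError("no 'begin' line")
    out = bytearray()
    for line in it:
        if line.rstrip() == "end":
            return name, bytes(out)
        if not line.strip():
            continue
        out += binascii.a2b_uu(line.encode("ascii"))
    raise ValueError("no 'end' line (truncated container)")


def hashes(data: bytes) -> dict[str, str]:
    """Same digest set the sandbox report lists for each file."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256", "sha512")}


def name_findings(name: str) -> list[str]:
    """Flag executable and document-lookalike double extensions."""
    parts = name.lower().rsplit(".", 2)  # keep at most the last two extensions
    exts = ["." + p for p in parts[1:]]
    findings = []
    if exts and exts[-1] in EXEC_EXT:
        findings.append(f"executable extension {exts[-1]}")
        if len(exts) == 2 and exts[0] in DOC_EXT:
            findings.append(f"document-lookalike double extension {exts[0]}{exts[-1]}")
    return findings


def triage(uu_text: str) -> dict:
    """Decode the container and summarise what a first-pass analyst wants."""
    name, data = uudecode(uu_text)
    findings = name_findings(name)
    if data[:2] == b"MZ":
        findings.append("MZ header: decoded content is a Windows executable")
    return {"name": name, "size": len(data), "hashes": hashes(data),
            "findings": findings, "data": data}


# Constructed sample container; the name mimics the report's double-extension pattern.
SAMPLE_UU = uuencode("Order_1068.PDF.exe", FAKE_PAYLOAD)

if __name__ == "__main__":
    result = triage(SAMPLE_UU)
    print(result["name"], result["size"], "bytes")
    for alg, digest in result["hashes"].items():
        print(f"  {alg:7} {digest}")
    for f in result["findings"]:
        print("  !", f)
```

Compare the digests this prints for a real .uu attachment against the Targets entry of the report: a mismatch means the mail gateway or the analyst's copy altered the container (line endings, truncation), and the sandbox verdict does not apply to the file in hand.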
MITRE ATT&CK Enterprise v15

Tasks