General
Target: ORDER#4510093083_POs_NEW_MATERIAL_JUN_2024_POs_pdf.bat.exe
Size: 872KB
Sample: 240617-qv9tmstakh
MD5: 0534a79a51432d3678e88ea60e41e49b
SHA1: c97a8d7efb5f990d1b4305d9c2055bdd8c9971a2
SHA256: a4bb6414cb7d0a37ed6b06994e516b00793e32eaceba2af7a3e638a4832cc07b
SHA512: 639149a000727a7c08b40a85bd2424555a1244e6ff7a73a920c6efc4030ecdd1fb91540b0068eded567bef4483f6c49ce6b84d0359cc27ab572832f830906742
SSDEEP: 24576:zBAyC5l2GSbFaL6NLpZ51lZzLsb7rcO8kN:K3j2nFaLsT51jMbH7N
Static task: static1
Behavioral task: behavioral1
Sample: ORDER#4510093083_POs_NEW_MATERIAL_JUN_2024_POs_pdf.bat.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: ORDER#4510093083_POs_NEW_MATERIAL_JUN_2024_POs_pdf.bat.exe
Resource: win10v2004-20240611-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.inducolma.com.co
Port: 587
Username: [email protected]
Password: inducolma57
Email To: [email protected]
Targets
Target: ORDER#4510093083_POs_NEW_MATERIAL_JUN_2024_POs_pdf.bat.exe
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Suspicious use of SetThreadContext