General
-
Target
04092024011903092024BANKDETAILSRO83728274746272627362.lzh
-
Size
534KB
-
Sample
240904-ghadksvgjq
-
MD5
05997ef5b3cd9c79276c0f7a751695a1
-
SHA1
00815ba22b4e61d9b3fd7567a6dc8618f47f77e0
-
SHA256
77493c7ae3766b67427a8b2833a78a9864304022c15ff5dcc633a5996ce09dad
-
SHA512
017b1e8ed91787c1013fce976f4581edd7d23c3f83eed3f4c7f2080b6670acc43f1549199257faa57a9d711c1adf88adf1d63b37d5ef9cc1db5fd46485354aa3
-
SSDEEP
12288:Cx0MUNVDi1S/2mPrB/ybU6ovrYaQc+Mcdd02vh4BsiPkqnYuu3iH:Cx/UrYC2arFGU6kEc+3G2OkqnFu3iH
Static task
static1
Behavioral task
behavioral1
Sample
BANK DETAILS RO83728274746272627362.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
BANK DETAILS RO83728274746272627362.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
agenttesla
Protocol: ftp
Host: ftp://ftp.solucionesmexico.mx
Port: 21
Username: [email protected]
Password: dGG^ZYIxX5!B
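The extracted config gives the exfiltration channel outright: plaintext FTP to ftp.solucionesmexico.mx on TCP/21, so any outbound control connection to that host from an internal client is a usable network indicator. The script below is an added example (not part of the sandbox report) that runs that check over a handful of constructed connection-log lines. The log format, the source and destination addresses and the timestamps are assumptions made for the example; only the host and port come from the report.

```python
"""Flag outbound connections to the FTP host from the extracted Agent Tesla config.

Added example, not part of the sandbox report. The connection-log format,
IP addresses and timestamps below are constructed for illustration.
"""
import re
from typing import Dict, List, Optional

# Indicators taken directly from the report's extracted config.
C2_HOST = "ftp.solucionesmexico.mx"
C2_PORT = 21

# Constructed log lines in an assumed format:
#   <timestamp> <src_ip>:<src_port> -> <dst_ip>:<dst_port> <proto> dns=<resolved name>
SAMPLE_CONN_LOG = [
    "2024-09-04T01:19:03Z 10.0.0.15:51322 -> 203.0.113.9:21 tcp dns=ftp.solucionesmexico.mx",
    "2024-09-04T01:19:04Z 10.0.0.15:51323 -> 203.0.113.9:21 tcp dns=ftp.solucionesmexico.mx",
    "2024-09-04T01:20:00Z 10.0.0.22:44110 -> 198.51.100.7:443 tcp dns=update.example.com",
    "2024-09-04T01:21:10Z 10.0.0.31:51500 -> 203.0.113.9:21 tcp dns=FTP.SOLUCIONESMEXICO.MX.",
    "2024-09-04T01:22:00Z 10.0.0.40:51600 -> 192.0.2.5:21 tcp dns=ftp.example.org",
    "this line is not a connection record",
]

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s+(?P<proto>\w+)\s+dns=(?P<name>\S+)$"
)


def parse_line(line: str) -> Optional[Dict[str, object]]:
    """Parse one record; return None for lines that do not match the format."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec: Dict[str, object] = m.groupdict()
    rec["sport"] = int(rec["sport"])
    rec["dport"] = int(rec["dport"])
    # Normalise the resolved name: DNS is case-insensitive and may carry a trailing dot.
    rec["name"] = str(rec["name"]).lower().rstrip(".")
    rec["proto"] = str(rec["proto"]).lower()
    return rec


def find_c2_connections(lines: List[str], host: str = C2_HOST, port: int = C2_PORT) -> List[Dict[str, object]]:
    """Return every TCP connection record whose destination is <host>:<port>."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["proto"] == "tcp" and rec["dport"] == port and rec["name"] == host:
            hits.append(rec)
    return hits


def summarise_by_source(lines: List[str]) -> Dict[str, Dict[str, object]]:
    """Group C2 hits by internal source address: count plus first/last seen."""
    summary: Dict[str, Dict[str, object]] = {}
    for rec in find_c2_connections(lines):
        src = str(rec["src"])
        entry = summary.setdefault(src, {"count": 0, "first": rec["ts"], "last": rec["ts"]})
        entry["count"] = int(entry["count"]) + 1
        entry["last"] = rec["ts"]
    return summary


def infected_hosts(lines: List[str]) -> List[str]:
    """Sorted list of internal addresses that contacted the exfiltration host."""
    return sorted(summarise_by_source(lines))


if __name__ == "__main__":
    for src, info in summarise_by_source(SAMPLE_CONN_LOG).items():
        print(f"{src}: {info['count']} connection(s) to {C2_HOST}:{C2_PORT}, "
              f"first {info['first']}, last {info['last']}")
```

Matching on the resolved name rather than a hard-coded IP keeps the check valid if the host is re-pointed; a record without a DNS name would need a separate IP-based rule. Because the channel is unencrypted FTP, the credentials in the config are on the wire with every session, so the practical response is to block the host at egress and report the abused account to the hosting provider, not to log into it.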
Targets
-
-
Target
BANK DETAILS RO83728274746272627362.exe
-
Size
1.0MB
-
MD5
d29f4a082738048f4e8e140c7a51ccbd
-
SHA1
0109d7343fbd32b56fbb1a22115c172a88337638
-
SHA256
cca7d56dffd819b96dcc149a4cd08308aa40035b73930e409d83e6434932b68e
-
SHA512
fbf8c43e9a268723be7269dcda51e38b4b587dd6d935f931166690befc505882bc684a81184a8156d41adbb57a495347fbc40af76e03305c7646337ab3977dec
-
SSDEEP
24576:TAHnh+eWsN3skA4RV1Hom2KXMmHaaM8Q9v+MN7+r7yH5:eh+ZkldoPK8Yaa6pNie
-
AgentTesla
Agent Tesla is a .NET remote access tool (RAT) and credential stealer, originally written in Visual Basic .NET.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious access to, or copying of, a web browser credential store.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
Rewriting another thread's context (typically after creating a process suspended and writing a payload into it) is the control-transfer step of process hollowing.
-
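A lone SetThreadContext call is a weak signal (debuggers and some instrumentation use it legitimately); it becomes a hollowing indicator when the same process first creates a child with CREATE_SUSPENDED, writes into it, sets the thread context and then resumes it. The script below is an added example (not the sandbox's own signature logic) that correlates those stages over a constructed API trace. The trace format, the PIDs and the timestamps are assumptions made for the example; the API names are the documented Windows calls.

```python
"""Correlate SetThreadContext with the rest of the process-hollowing sequence.

Added example, not the sandbox's own detection logic. The trace line format
and the PIDs below are constructed for illustration.
"""
from typing import Dict, List, Tuple

CREATE_SUSPENDED = 0x4  # dwCreationFlags bit for CreateProcess*

CREATE_APIS = {"CreateProcessA", "CreateProcessW", "CreateProcessInternalW"}
UNMAP_APIS = {"NtUnmapViewOfSection", "ZwUnmapViewOfSection"}
WRITE_APIS = {"WriteProcessMemory", "NtWriteVirtualMemory", "ZwWriteVirtualMemory"}
SET_CONTEXT_APIS = {"SetThreadContext", "Wow64SetThreadContext", "NtSetContextThread", "ZwSetContextThread"}
RESUME_APIS = {"ResumeThread", "NtResumeThread", "ZwResumeThread"}

# Stages that must all appear, in this order, for a (caller, child) pair to be flagged.
REQUIRED_ORDER = ["create_suspended", "write", "set_context", "resume"]

# Constructed trace lines in an assumed format:
#   <time> pid=<caller> api=<name> [child=<pid>|target=<pid>] [flags=<hex>] ...
SAMPLE_TRACE = [
    # Full hollowing sequence from pid 1000 into its suspended child 2000.
    "00:00:01.000 pid=1000 api=CreateProcessW child=2000 flags=0x00000004",
    "00:00:01.010 pid=1000 api=NtUnmapViewOfSection target=2000",
    "00:00:01.020 pid=1000 api=VirtualAllocEx target=2000 size=0x2a000",
    "00:00:01.030 pid=1000 api=WriteProcessMemory target=2000 size=0x2a000",
    "00:00:01.040 pid=1000 api=Wow64SetThreadContext target=2000",
    "00:00:01.050 pid=1000 api=ResumeThread target=2000",
    # Debugger-like: SetThreadContext with no suspended create from this caller.
    "00:00:02.000 pid=3000 api=SetThreadContext target=3100",
    "00:00:02.010 pid=3000 api=ResumeThread target=3100",
    # Suspended create followed only by resume (a launcher pattern, not hollowing).
    "00:00:03.000 pid=4000 api=CreateProcessW child=4100 flags=0x00000004",
    "00:00:03.010 pid=4000 api=ResumeThread target=4100",
]


def parse_event(line: str) -> Dict[str, str]:
    """Split a trace line into a dict; the first token is the timestamp."""
    parts = line.split()
    ev = {"ts": parts[0]}
    for tok in parts[1:]:
        key, _, value = tok.partition("=")
        ev[key] = value
    return ev


def _stage_for(api: str) -> str:
    if api in UNMAP_APIS:
        return "unmap"
    if api in WRITE_APIS:
        return "write"
    if api in SET_CONTEXT_APIS:
        return "set_context"
    if api in RESUME_APIS:
        return "resume"
    return ""


def _in_order(stages: List[str], required: List[str]) -> bool:
    """True if every required stage occurs, each after the previous one."""
    pos = -1
    for stage in required:
        try:
            pos = stages.index(stage, pos + 1)
        except ValueError:
            return False
    return True


def find_hollowing(lines: List[str]) -> List[Dict[str, object]]:
    """Return one finding per (caller, child) pair showing the full hollowing chain."""
    states: Dict[Tuple[str, str], List[str]] = {}
    for line in lines:
        ev = parse_event(line)
        pid, api = ev.get("pid", ""), ev.get("api", "")
        if api in CREATE_APIS and int(ev.get("flags", "0"), 16) & CREATE_SUSPENDED:
            states[(pid, ev["child"])] = ["create_suspended"]
            continue
        key = (pid, ev.get("target", ""))
        if key not in states:
            continue  # no suspended child from this caller: not part of a hollowing chain
        stage = _stage_for(api)
        if stage:
            states[key].append(stage)
    return [
        {"pid": pid, "child": child, "stages": stages}
        for (pid, child), stages in states.items()
        if _in_order(stages, REQUIRED_ORDER)
    ]


if __name__ == "__main__":
    for f in find_hollowing(SAMPLE_TRACE):
        print(f"process hollowing: pid {f['pid']} -> child {f['child']} via {' > '.join(f['stages'])}")
```

The unmap step is recorded when present but not required, since some loaders skip NtUnmapViewOfSection and overwrite the image in place; requiring the suspended create, the cross-process write, the context change and the resume from the same caller is what separates hollowing from a debugger attaching to an already-running process.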