General
-
Target
05092024_1401_05092024_ΕΠΙΒΕΒΑΙΩΣΗ ΤΗΣ ΠΑΡΑΓΓΕΛΙΑΣ 56474.lzh
-
Size
567KB
-
Sample
240905-rbjzjsshmg
-
MD5
fcedb6479f040542208e95de5cfafca2
-
SHA1
88ad50c394f4e7fdb028f02f4657736d6b711232
-
SHA256
089cd991568bb27a2e7eb7b34122cfda8c403b1dd88a6823293f509b0371bb18
-
SHA512
ca425607b1868894b4eb4ba8d7a6795e59ecd0650e9579e82c1d15a46898430536fa45c76832aa5b3e1175b26746c97c4c591e45e28f868f41bbc65c7171c690
-
SSDEEP
12288:ILapketduL9NlEwgoOWwBhIiXDsTC9lVEvLqRaPu55Rhis9RDYybhMY:QKGEXbfSJTmBmuHWySY
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.solucionesmexico.mx - Port:
21 - Username:
[email protected] - Password:
dGG^ZYIxX5!B
Targets
-
-
Target
ΕΠΙΒΕΒΑΙΩΣΗ ΤΗΣ ΠΑΡΑΓΓΕΛΙΑΣ 56474.exe
-
Size
592KB
-
MD5
1d3515d7b35420db17ea6ea8632881be
-
SHA1
86d9b85d182c241be7416799d9ee028a388abc66
-
SHA256
40c5238cabc2bbe9427c93a637af3393184ce08003776cf0d2cc21aaa8e453b0
-
SHA512
3941b0e19f479f4d0f4e791612da362e0325882225af6c0fb80cae858f75bac9b4caffca72600228cf8659ea0ad34ffffc854f1bad5d020b24f1ba5ea4033eaf
-
SSDEEP
12288:yYV6MorX7qzuC3QHO9FQVHPF51jgc+M+Vfig5fhLnqyTc7:BBXu9HGaVHS4gZlFc7
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-