General
Target: 07092024_0234_06092024_Comprobante de pago.001
Size: 640KB
Sample: 240907-c2pv6a1bjq
MD5: e50b89403eea33786783792f98c8c451
SHA1: 0690c4ad068b8e63f54cf94792046badb629adbb
SHA256: bf9686f56cd696494d779000cb95ccb276134ae685d7c31af2a3e35870d8fe6f
SHA512: 11793ab8cf810768fe6d546a7093b7b4fccf6942e57900c42f72e66ea20c79f34f71ddd7bdb9da512e52b84ade3c9f046b1f25520bcb24368105ccef67c735f7
SSDEEP: 12288:EAWTfP6r/2I/y4wNCt5cCHyTBV3IE1brCqJ/7v9dDueLw1Ww9NyoG6MQ5S:EA6fC72eAUcOGBSqv/7VlhwH9QHH
Static task: static1
Behavioral task: behavioral1
  Sample: Comprobante de pago.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: Comprobante de pago.exe
  Resource: win10v2004-20240802-en
Malware Config
Targets
Target: Comprobante de pago.exe
Size: 1.1MB
MD5: ca0d85300206ca89544ce92db94c3147
SHA1: bb45ed065cc3ee531b5f3c370530861e5e1b999f
SHA256: 840e0f5185fe2436164840b3dc7cd65303cae87599599f8a9dd861ef492dd0f0
SHA512: 4583020937fe2c3b26f53b15923c33dbd19009c5190a43b8082e9b176cdcf4c56e2f82af7e712853397a5edab25a1d6a3cfa8218840de16cf01e8b0a8b84903d
SSDEEP: 24576:MAHnh+eWsN3skA4RV1Hom2KXMmHaT8Tj68uSayGHbs1PICz5:rh+ZkldoPK8YaTWRuSw7s1
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Credentials from Password Stores: Credentials from Web Browsers
Malicious access to, or copy of, a web browser credential store.
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP address.
Suspicious use of SetThreadContext