General
Target: 10092024_1727_10092024_ΛΕΙΠΕΙ ΤΙΜΟΛΟΓΙΟ.bat.bz2
Size: 577KB
Sample: 240910-v1nwksvhjp
MD5: 1fc14c613010cc7b53d46e4665354acd
SHA1: 4b1c773bf67db8e0a92e1bc4a40a50a276ca9d29
SHA256: 9414af9043a067b8b77fcf0b5035ea60c4ff510a2c16f0be7382eec9551846cf
SHA512: e475e1b656239a548ae2d525331cf1d37d897beb270496899560d726329751a52bd93b3a5618632f85e9aad0e77cd173826b6e312b83c278a5b0edad49bacfda
SSDEEP: 12288:p3vyr8Tv1HOzPkhyRwYQi3+kuZbln269k8WM6r+AZON:jTtuzGY9OtznHHWx+X
Static task: static1
Behavioral task: behavioral1
Sample: ΛΕΙΠΕΙ ΤΙΜΟΛΟΓΙΟ.bat.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: ΛΕΙΠΕΙ ΤΙΜΟΛΟΓΙΟ.bat.exe
Resource: win10v2004-20240802-en
Malware Config
Extracted: agenttesla
Protocol: ftp
Host: ftp://ftp.solucionesmexico.mx
Port: 21
Username: [email protected]
Password: dGG^ZYIxX5!B
Targets
Target: ΛΕΙΠΕΙ ΤΙΜΟΛΟΓΙΟ.bat.exe
Size: 100.0MB
MD5: cd0e4667c8f9b880d489189d3c1e3fd3
SHA1: a51846a21b233a8728fcd6039051a5e2a04c7668
SHA256: b0e73613fc800e9c36e405265e2352f5d9684554ac34b364b050af523c146dc3
SHA512: 47a25dd790d4ebe5e1a7ca3d93173c5efd4068e8e9db934749bbf1e8cee2ed7bda4679bf9ab7ecbb9bdea58fb443cdb736627e6b5f479e7d262306ea3f3d3dcb
SSDEEP: 24576:PAHnh+eWsN3skA4RV1Hom2KXMmHawHfqUZDmRx9W4NKB5:yh+ZkldoPK8YawpZWH2
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

Credentials from Password Stores: Credentials from Web Browsers
Malicious access to, or copying of, a web browser credential store.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP address.

Suspicious use of SetThreadContext