General
-
Target
INVOICE SUBMISSION.exe
-
Size
627KB
-
Sample
240911-mg3xdswcqf
-
MD5
e5b155564a52c8c17a48bf285ded4e62
-
SHA1
89cac38cfbb3811f942fb229104155beb2afcaef
-
SHA256
5386b2eb77cc7380bec83dddc6594d4174a2ad01af73c29e813aa6a432779507
-
SHA512
989452165c55db845484f209ca26dc408ee666491a0bed2e0af62dc3da3e6fdae89670f177b29d02928af3c15625679d05c5aab75f49df4ba8607360c249b733
-
SSDEEP
12288:797kvXdnYKQAtsmHwZioFKcf6WGWPSG6YsXYfsywytPStS1y:79oN2A2PJFKctpPSGxgmVPSay
Static task
static1
Behavioral task
behavioral1
Sample
INVOICE SUBMISSION.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
INVOICE SUBMISSION.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.jeepcommerce.rs - Port:
21 - Username:
[email protected] - Password:
Q6]7rLSD*gU2
Extracted
Protocol: ftp- Host:
ftp.jeepcommerce.rs - Port:
21 - Username:
[email protected] - Password:
Q6]7rLSD*gU2
Targets
-
-
Target
INVOICE SUBMISSION.exe
-
Size
627KB
-
MD5
e5b155564a52c8c17a48bf285ded4e62
-
SHA1
89cac38cfbb3811f942fb229104155beb2afcaef
-
SHA256
5386b2eb77cc7380bec83dddc6594d4174a2ad01af73c29e813aa6a432779507
-
SHA512
989452165c55db845484f209ca26dc408ee666491a0bed2e0af62dc3da3e6fdae89670f177b29d02928af3c15625679d05c5aab75f49df4ba8607360c249b733
-
SSDEEP
12288:797kvXdnYKQAtsmHwZioFKcf6WGWPSG6YsXYfsywytPStS1y:79oN2A2PJFKctpPSGxgmVPSay
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-