General
Target: 12092024_0750_11092024_Shipping documents 0002939948400055.img
Size: 1.8MB
Sample: 240912-jpctdsyejf
MD5: 1e6cbca6ef639621a17c4d7a1d4411bd
SHA1: 1c83919263caf406edadebed9f2907dbabfabc24
SHA256: 1118c8d34d9c81654ec02a29655ee018a1e781515be0b81f98ebac809be53c6d
SHA512: a5b60da805ad31d8d728574ed6f87b4eca72894baa50e59459a59e8ffd4e900c3474ac183f34592876fdb22a8578cee13ad74412cc019301c50280557ca1b2fe
SSDEEP: 12288:XNYnJyPKtca75RqRF6UxaKPHDM18qwdNcQeRFoubL0KZ1YkE9bMRvQSsHc69+c:yTma75ARF6Ux9HDe8felYUmHc69+c
Static task: static1
Behavioral task: behavioral1
  Sample: Shipping documents 0002939948400055.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: Shipping documents 0002939948400055.exe
  Resource: win10v2004-20240802-en
Malware Config
Extracted: agenttesla
  Protocol: ftp
  Host: ftp://ftp.concaribe.com
  Port: 21
  Username: [email protected]
  Password: ro}UWgz#!38E
Extracted
  Protocol: ftp
  Host: ftp.concaribe.com
  Port: 21
  Username: [email protected]
  Password: ro}UWgz#!38E
Targets
Target: Shipping documents 0002939948400055.exe
Size: 1.3MB
MD5: b4c7e0b0ef40ea0f57b6b265158e087f
SHA1: da9c36b3eb690cbd15cd0a19ee6beae39191b7f7
SHA256: 8025e068e401764653aed170b3a0b07c5ed8c327f80e8d5b5f7d8ae3b0f44eaa
SHA512: efb7488ba4c8243cf76414b5629c4bc29405109ba875f50d84a8f7cdcb468dbfd41a7422a2d621227c129a0afd977209aa0a2d6abf3ddc366feccba9c1340ac5
SSDEEP: 12288:7NYnJyPKtca75RqRF6UxaKPHDM18qwdNcQeRFoubL0KZ1YkE9bMRvQSsHc69+c:GTma75ARF6Ux9HDe8felYUmHc69+c

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

Credentials from Password Stores: Credentials from Web Browsers
Malicious access to, or copying of, the web browser credential store.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Credential Access
  Credentials from Password Stores: 1
  Credentials from Web Browsers: 1
  Unsecured Credentials: 4
  Credentials In Files: 3
  Credentials in Registry: 1