General
-
Target
13092024_0412_12092024_HAWB No Original 2 - (for Consignee) - HAWB No_ D889163[2].pdf.bat.bz2
-
Size
584KB
-
Sample
240913-esvfdsthne
-
MD5
7093258960a3163ca9d784d4de9dbae7
-
SHA1
b939198c51675c7a99c1ce641a62feeda3f27bdc
-
SHA256
367dfffe5b481ea41845028453d6c1dbe7ffa9b214c509946a7ffccbd80cf622
-
SHA512
bff604f730fb8bb67c60da4241d4c8e557c88326473c09cc604c24fc1ec2826f2e65800c80b977b63b6719bc0b095bbf14808d06693e74a9cc81ed1551fdeb79
-
SSDEEP
12288:z8Z4bJ31v9oibrEjtXXqx3TQ85NASFE9WHHGtSIGrAJ/s+O2D3kzn:z7bR1uwEhHqxTQ8RFG2ksyg
Behavioral task
behavioral1
Sample
HAWB No Original 2 - (for Consignee) - HAWB No_ D889163[2].pdf.bat.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
HAWB No Original 2 - (for Consignee) - HAWB No_ D889163[2].pdf.bat.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
agenttesla
Protocol: ftp
Host: ftp://ftp.solucionesmexico.mx
Port: 21
Username: [email protected]
Password: dGG^ZYIxX5!B
Targets
-
-
Target
HAWB No Original 2 - (for Consignee) - HAWB No_ D889163[2].pdf.bat.exe
-
Size
100.0MB
-
MD5
06359c881acaf0b5fae99f212a6a224f
-
SHA1
f3a946aaeab510541245e172070f41d0d84caf2b
-
SHA256
cf13092b0f85ac7a68901d82f210a5e68de6d47fd877a6b21e42dc4341a0fb11
-
SHA512
8dd4e2a9647f25e2f4ceec7ea20373d8431ad07691a55a46456884c4263467423dce7e598249242ca86f1a84100212ff27ae2293ef07ba0ff1365ce41436fa67
-
SSDEEP
12288:uXe9PPlowWX0t6mOQwg1Qd15CcYk0We1FH4l6/B/yAzUAxLMT4J:DhloDX0XOf4X/yAzUYI4J
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious access to, or copying of, the web browser credential store.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-