General
Target: 13092024031512092024DHL..bat.lzh
Size: 572KB
Sample: 240913-gxe8dayelb
MD5: c1f17ecebc72a149960cfaa053a42d3d
SHA1: 58e7db773991b1cbbb51de936470c94e907dbd05
SHA256: 7aab3ccad2c9e2eae8f82c7db33fe5dbbbdde2779e5df2fbce1c6363dacae781
SHA512: 63976b9bfb6b93191a5526af0272898bcd2dea8894183e9869606290d64adb95e50768b649213a4240f777245b697b2d749c8b150c5772ee5d52c602f1ad2cdb
SSDEEP: 12288:zqHKSYoPvFtOrwAf8XMMYoxV8ERIqkODhB8CLD+pySOTJtl1EcUOY8KZWbU6L:2Oq9Q/gBYoH/rhvLCU/TJPDRY8KMg6L
Behavioral task: behavioral1
Sample: ΕΓΓΡΑΦΟ ΤΙΜΟΛΟΓΙΟΥ DHL Ελλάδα Α.Ε.bat.exe
Resource: win7-20240903-en
Malware Config
Extracted: agenttesla
Protocol: ftp
Host: ftp://ftp.solucionesmexico.mx
Port: 21
Username: [email protected]
Password: dGG^ZYIxX5!B
Targets
Target: ΕΓΓΡΑΦΟ ΤΙΜΟΛΟΓΙΟΥ DHL Ελλάδα Α.Ε.bat.exe
Size: 100.0MB
MD5: 091cf2e005afc7393a16a1644e19af9c
SHA1: 489ca79f7b9cc5af77c9d281e2b5b8289d49bd30
SHA256: 8b4d29d39c1085b7e1fa42bbbb8a0b38b8ae615eaa1d152f4c09756fde5f1b23
SHA512: 4619afb10efa219156acbcf08aba716f2c5cd35b6f0f4fbdad94fb0dcfc840565324161f529a844560fada11f019211d687a44ae21b909ce32592539807fed50
SSDEEP: 12288:LXe9PPlowWX0t6mOQwg1Qd15CcYk0We1F2OKY4+5PMmXICU9t6j:ShloDX0XOf43h4bmXIC2G
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious access to, or copying of, a web browser credential store.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext