General
-
Target
0b8d4b6ed2333b9783b3a340d2fcf73d32a3322922480a20c37bd936a4928742
-
Size
585KB
-
Sample
240913-t3mkvsxeqg
-
MD5
6e134c1a0853ccf0bef03a7253ca3c31
-
SHA1
ea7b0156042035ca5592771fd36ea173def6efe4
-
SHA256
0b8d4b6ed2333b9783b3a340d2fcf73d32a3322922480a20c37bd936a4928742
-
SHA512
8f4b8442bbbf12bdb3bc15f40589b616bee0fcafa26b8222e2639beb95bfa94671424a4653490da88268bb6a830dadd1fc5968aa68d607785d57fa1b1fe164f2
-
SSDEEP
12288:kTDTSh1rydoz6gS7ccuTi90qhJFCpdwEFborN5KdutXG6:YDWhWo8ssJFCpfBorVtXG6
Static task
static1
Behavioral task
behavioral1
Sample
Fatura nº 4052804664.scr
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
Fatura nº 4052804664.scr
Resource
win10v2004-20240802-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot5187914704:AAHhM5YfeLYR_Ow0fgwMOZKO7je7btbh5DA/
Targets
-
-
Target
Fatura nº 4052804664.scr
-
Size
693KB
-
MD5
a0de9f804b692969d93ba2a8011f73a4
-
SHA1
247b67ca3f7d4f1017a537abb96384136936b78b
-
SHA256
cc58af4374174d975a7fc1abc5f43a0f537da1482334b95631ea9d5668db7304
-
SHA512
7dca8968d20f3159c75a5b6effb67456a30309f4652e9b45fa577ef19fe23a6532aa69532f4c28ae819be0da3a455b44971836fce7a041ffd143904c13cbbce9
-
SSDEEP
12288:nS993Hgi8MefNnUlSAgsWYTfxCIpIj4LcGPhGgXHXelLEAmD:qTmM77lTfxC/GpGgA
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1