General
-
Target
PAYMENT 00251,8301,66329.xxe
-
Size
846KB
-
Sample
240917-j5yqssshke
-
MD5
a17a141641b02eaaad941d846db87e4b
-
SHA1
9da284f060e817a8a85ce6d223d045800dec51c2
-
SHA256
738a2795ed26727349bbd0dadfbad119c94b04707cd36669252cf3b36dd98636
-
SHA512
20a33737d645e2857d0d9b6f0fdfe74a252fa2a6dc67236511f40ce828a9a47f8854e5a2f615d8b12456e615c5d5a3409b8b7f6f5cb5bf039c246aef7689c5d5
-
SSDEEP
24576:2U+Q7KyXetdmVyeltuZV6lPo9YmF9s/DDM5VOBlOhq6KDm:2U19smDQw7mFK/s50Dcq6+m
Static task
static1
Behavioral task
behavioral1
Sample
PAYMENT 00251,8301,66329.exe
Resource
win10-20240404-en
Malware Config
Extracted
Protocol: smtp- Host:
mail.flujoauditorias.cl - Port:
587 - Username:
[email protected] - Password:
l;0jGu7J;z_a
Extracted
agenttesla
Protocol: smtp- Host:
mail.flujoauditorias.cl - Port:
587 - Username:
[email protected] - Password:
l;0jGu7J;z_a - Email To:
[email protected]
Targets
-
-
Target
PAYMENT 00251,8301,66329.bat
-
Size
77.0MB
-
MD5
54d5035f6e0651a42081bbf94c992575
-
SHA1
356a2631c588d5b5bc67999a0c3ea5f9233af4b2
-
SHA256
dcc7a889e4a2b801932f6389e657c4d3c6c3974af4044801ab68379cc2b600e0
-
SHA512
f6f3ff19c338b9a7ae00f0b1fc01c9f995a659088ec49bafacb503b4ffe8964eb03795a6cde61dd645a727edac20deabdcf5534ba4b876de74c68bfa9b454a48
-
SSDEEP
24576:uRmJkcoQricOIQxiZY1iaCOnJQmut27bcalIZhgQAx:7JZoQrbTFZY1iaCOnJButijlIKx
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-