General
-
Target
59eea35b69fe8aab60f9a005e421215d2d31221421de968b68db0dde53c6b5e1
-
Size
1006KB
-
Sample
240917-kkzysstgpj
-
MD5
d58f21849ad6ffc939843640713f7fa3
-
SHA1
02593852f35a1481f2646efca7e1f9f4bcbbe36a
-
SHA256
59eea35b69fe8aab60f9a005e421215d2d31221421de968b68db0dde53c6b5e1
-
SHA512
59bf0d999ad014091ba2f5ec689120ff9a3222c4b417ed47ebdf3c728fb2da0f58a6f85c18742c728ab1bd5b25ef8263a49b82ee3ac3296ce260e15a40211e1d
-
SSDEEP
24576:azD7C0gmTw99KsSuifKJEUzCXYGZuiqhy08ve:6D7fgOduwMwXYGZuRhp8ve
Static task
static1
Behavioral task
behavioral1
Sample
Estado de cuenta.pdf.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
Estado de cuenta.pdf.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
Target
Estado de cuenta.pdf.exe
-
Size
1.3MB
-
MD5
92fe200abe5cd92b7766757b6d9fff86
-
SHA1
29837c6390325443c30227df4fbe3f28618dff77
-
SHA256
58672267ca553d53165e5f5318bf7c492d5378730a0857547543e8efe42c110e
-
SHA512
05355588a91e64b5833ea92c8cdd5845e42a45dd3cebc506dfc793b6e4b7b5078628835720c9af8527f8308c383c0aa46b7129a35ebfa1f12bf14f4691f25800
-
SSDEEP
24576:uRmJkcoQricOIQxiZY1iaCKY9/wsSku5KHAUzkNYG9uiyVEs4bF:7JZoQrbTFZY1iaCcdkwcyNYG9uTVp4bF
-
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer written in Visual Basic.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious access to, or copying of, a web browser credential store.
-
Looks up external IP address via web service
Uses a legitimate IP lookup web service to determine the infected host's external IP address.
-
Suspicious use of SetThreadContext
SetThreadContext applied to a suspended thread is a common step in process hollowing and other injection techniques, where the thread's context is rewritten so that execution resumes in attacker-controlled code.
-
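The report lists two objects with different sizes and digests (the submitted target at 1006KB and the analysed executable at 1.3MB), so a triage script must keep them apart and pivot on the right SHA256. The following is an added example, not the sandbox's own code: it parses this page's key/value listing into one record per Target, checks a file on disk against a record's digests, and flags the deceptive double extension in the file name. The parsing rules (a field name on one line, its value on the next, '-' as separator) are assumptions inferred from this page's layout; the sample bytes and the suffix lists are constructed for the example.

```python
import hashlib
from pathlib import PureWindowsPath

# Field names exactly as they appear in the listing (assumed format, inferred from this page).
FIELDS = {"Target", "Size", "MD5", "SHA1", "SHA256", "SHA512", "SSDEEP"}

# Constructed input: the hash fields copied from this page, in the page's own layout.
REPORT_TEXT = """\
Target
59eea35b69fe8aab60f9a005e421215d2d31221421de968b68db0dde53c6b5e1
-
Size
1006KB
-
MD5
d58f21849ad6ffc939843640713f7fa3
-
SHA256
59eea35b69fe8aab60f9a005e421215d2d31221421de968b68db0dde53c6b5e1
-
Targets
-
Target
Estado de cuenta.pdf.exe
-
Size
1.3MB
-
MD5
92fe200abe5cd92b7766757b6d9fff86
-
SHA256
58672267ca553d53165e5f5318bf7c492d5378730a0857547543e8efe42c110e
"""


def parse_report(text):
    """Return one dict per 'Target' block; keys are lower-cased field names.

    A line equal to a field name is a key; the next line that is not a '-'
    separator is its value. Lines outside FIELDS (section titles, task ids)
    are skipped, so the General block and the Targets block both come out.
    """
    records, current, pending_key = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "-":
            continue
        if pending_key is None:
            if line in FIELDS:
                if line == "Target":          # every Target starts a new record
                    current = {}
                    records.append(current)
                pending_key = line
            continue
        if current is not None:
            current[pending_key.lower()] = line
        pending_key = None
    return records


def compute_hashes(data):
    """Digests the report lists; ssdeep is omitted because it needs a third-party library."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def verify_hashes(data, record):
    """Return the digest fields present in `record` that do not match `data` (case-insensitive)."""
    actual = compute_hashes(data)
    return [k for k in ("md5", "sha1", "sha256", "sha512")
            if k in record and record[k].lower() != actual[k]]


# Constructed suffix lists; extend to taste.
EXECUTABLE_SUFFIXES = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".msi"}
DOCUMENT_SUFFIXES = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".txt", ".jpg", ".png"}


def has_deceptive_double_extension(filename):
    """True for names like 'invoice.pdf.exe': a document-looking suffix directly
    before an executable suffix, the classic lure when Explorer hides known extensions."""
    suffixes = [s.lower() for s in PureWindowsPath(filename).suffixes]
    return (len(suffixes) >= 2
            and suffixes[-1] in EXECUTABLE_SUFFIXES
            and suffixes[-2] in DOCUMENT_SUFFIXES)


if __name__ == "__main__":
    for rec in parse_report(REPORT_TEXT):
        print(rec.get("target"), rec.get("size"), rec.get("sha256"))
    sample = b"MZ constructed stand-in bytes, not the real file"   # constructed
    print("mismatches vs. own digests:", verify_hashes(sample, compute_hashes(sample)))
    print("double extension:", has_deceptive_double_extension("Estado de cuenta.pdf.exe"))
```

To check a real file, read it as bytes and pass it with the matching parsed record to verify_hashes; an empty list means every digest the report lists agrees with what you have on disk.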