General

  • Target

    18092024_0101_17092024_cotización.PDF_98776456879808756846576879806765687976457687986764.bz2

  • Size

    833KB

  • Sample

    240918-bdlyxstgrh

  • MD5

    8b6fef19071d62a624c52eaf9b697741

  • SHA1

    435bc6a4403f492a39970996fc0171bab863e8f4

  • SHA256

    6d121a6dc5d83a314d50c200a9bb80997585122c770b70f5905de16c550e3824

  • SHA512

    bb067e1a7b86868b61b9dcdd882d62775f9681e48f74de664a25a84314e9d17b485b904f96fc612e60ea9b3c0a41746f990ef9580edd90003f434ad709363743

  • SSDEEP

    24576:kr/llbDMdvT+mW6RFIwdgNjLex3ShhUYR:k5lENT+QjISgNjLeQnUK

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://ftp.fosna.net
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    =A+N^@~c]~#I

Targets

    • Target

      cotización.PDF_98776456879808756846576879806765687976457687986764.bat

    • Size

      88.0MB

    • MD5

      e4a8ce0f507c8ba1023007a3fcfdef7e

    • SHA1

      ae93d87dc7532f2c330e2ab7d39a39f131dd959b

    • SHA256

      001b21318e75c49c1b0e415008530611da89163328b29d65ade1f7edde25328d

    • SHA512

      97370fc754fb67fa95042e706894a4e36fe7f5337aff32490506e7f7738050c6dc2bec68561a1228312bf99985aeb330701b440a57e169416c1a690cd61220fa

    • SSDEEP

      12288:v6Wq4aaE6KwyF5L0Y2D1PqLuKjL6vV34jxMQzpWlXeXpddOgLWHlqd48EJGpZpGe:tthEVaPqLnLoVqxsuX9uqd4nG/pG3

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks