General
Target: 18092024_0101_17092024_cotización.PDF_98776456879808756846576879806765687976457687986764.bz2
Size: 833KB
Sample: 240918-bdlyxstgrh
MD5: 8b6fef19071d62a624c52eaf9b697741
SHA1: 435bc6a4403f492a39970996fc0171bab863e8f4
SHA256: 6d121a6dc5d83a314d50c200a9bb80997585122c770b70f5905de16c550e3824
SHA512: bb067e1a7b86868b61b9dcdd882d62775f9681e48f74de664a25a84314e9d17b485b904f96fc612e60ea9b3c0a41746f990ef9580edd90003f434ad709363743
SSDEEP: 24576:kr/llbDMdvT+mW6RFIwdgNjLex3ShhUYR:k5lENT+QjISgNjLeQnUK
Behavioral task: behavioral1
Sample: cotización.PDF_98776456879808756846576879806765687976457687986764.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: cotización.PDF_98776456879808756846576879806765687976457687986764.exe
Resource: win10v2004-20240802-en
Malware Config
Extracted: agenttesla
Protocol: ftp
Host: ftp://ftp.fosna.net
Port: 21
Username: [email protected]
Password: =A+N^@~c]~#I
Targets
Target: cotización.PDF_98776456879808756846576879806765687976457687986764.bat
Size: 88.0MB
MD5: e4a8ce0f507c8ba1023007a3fcfdef7e
SHA1: ae93d87dc7532f2c330e2ab7d39a39f131dd959b
SHA256: 001b21318e75c49c1b0e415008530611da89163328b29d65ade1f7edde25328d
SHA512: 97370fc754fb67fa95042e706894a4e36fe7f5337aff32490506e7f7738050c6dc2bec68561a1228312bf99985aeb330701b440a57e169416c1a690cd61220fa
SSDEEP: 12288:v6Wq4aaE6KwyF5L0Y2D1PqLuKjL6vV34jxMQzpWlXeXpddOgLWHlqd48EJGpZpGe:tthEVaPqLnLoVqxsuX9uqd4nG/pG3
Signatures
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Credentials from Password Stores: Credentials from Web Browsers: malicious access to, or copy of, a web browser credential store.
Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
AutoIT Executable: AutoIT scripts compiled to PE executables.
Suspicious use of SetThreadContext