General
- Target: PO Invoice XJ210821Q.PDF.7z.zip
- Size: 608KB
- Sample: 240925-g3rhlazcnp
- MD5: 0115c5c629a1b520162b945010feace6
- SHA1: 2dcd9c63f6c056b4d562c1af36fd827d08421e14
- SHA256: 2916023a634aa57933f9bc8efe3e51e2da70bd0fecb2f8565dece272535a6de8
- SHA512: cbfbbde330747e85e18f5e8d7678dd27256476104b22265696b4b615d8c93e1a777a334864c53919fba98c958a916e1d83645de83fbe80e65db7399053d9ed2d
- SSDEEP: 12288:PcVd06cOKnEOSmgBZp9TWuWeld2Qqo0JGLhuOBefXKmisQ4r:s0zSmgBld2Qq1GLhuOEfXNh
Tasks
- Static task: static1
- Behavioral task: behavioral1
- Sample: PO Invoice XJ210821Q.PDF.exe
- Resource: win7-20240704-en
Malware Config
Extracted (agenttesla)
- Protocol: ftp
- Host: ftp://ftp.libreriagandhi.cl
- Port: 21
- Username: [email protected]
- Password: x6p2^m#1#~+O
Extracted
- Protocol: ftp
- Host: ftp.libreriagandhi.cl
- Port: 21
- Username: [email protected]
- Password: x6p2^m#1#~+O
Targets
- Target: PO Invoice XJ210821Q.PDF.exe
- Size: 664KB
- MD5: ec1d27d0c50590f58a3d43b8b979e4dc
- SHA1: bb6768eec71bd66c50a94b21cdd059994dc264b3
- SHA256: c17e06753e71aa66826658cc44f2e620b39d0e52b26d7dc5747ad5966f0ae0a3
- SHA512: 2bf4090a6bc11e8a5b2055752a51d008aedd7f4dc3483282194b9666f19840ababa805aa18dfccf6d994d46ddf4503e5abed7201556b6388d38af93e6c890aa1
- SSDEEP: 12288:LhdPAcO4nEOS405ZbvTAuWelX2QqycJGD7uoj6C/e8bQbGsxykR:LvlS405PX2QqRGD7u/ClIGoB
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Command and Scripting Interpreter: PowerShell: Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Checks computer location settings: Looks up the country code configured in the registry, likely for geofencing.
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Execution
- Command and Scripting Interpreter (1)
  - PowerShell (1)
- Scheduled Task/Job (1)
  - Scheduled Task (1)
Credential Access
- Credentials from Password Stores (1)
  - Credentials from Web Browsers (1)
- Unsecured Credentials (2)
  - Credentials In Files (2)