Overview

overview

10

Static

static

5

Confirmaci...r).exe

windows7-x64

10

Confirmaci...r).exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    15102024_0019_14102024_Confirmación transferencia interbancaria. (Banco Santander).uu

  • Size

    806KB

  • Sample

    241015-amg6naxfmk

  • MD5

    adf98d3b22abbf66b3cf62c515ad2d60

  • SHA1

    70280ebaffd29cbf124d37af505c3f186b58fc12

  • SHA256

    f6b781cf27171a271d85a9f68b02d0547c6f9ae314beffe2467fd7f58e7caacd

  • SHA512

    1c6ca4afafcf31edfc57db910ddc61e10a35df26e26a1d540e33e02a7e2192bbace231b18b749447a2060a1382905ff69d1451941bbef05e70e9860157ac132d

  • SSDEEP

    24576:YGEJ5J+ggUP/Fm+5bll2zNiSmeLGPewOBOc+:B4+g9HFm+nlQzLGPewOBc

Score
10/10
agenttesladiscoverykeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     ftp
  • Host:
    ftp://ftp.elquijotebanquetes.com
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    -GN,s*KH{VEhPmo)+f

Targets

    • Target

      Confirmación transferencia interbancaria. (Banco Santander).exe

    • Size

      1.3MB

    • MD5

      eec87d011a495c53efc1013a489e3e73

    • SHA1

      cb82bf31315fc86a329c16ea6ef8b6319ddbbcfe

    • SHA256

      0cafddce10e4bb40867fb1c697f2a0b34b4c07a85ce58b435f2b328cfc1a05fd

    • SHA512

      70272e290a6c6791f0222efda78e9372d972477f9036aa7dcfac5838ae77ded84ab9b418060ec8c24b2a3755df5390a5c920b62f60db99228409324298f14810

    • SSDEEP

      24576:Ftb20pkaCqT5TBWgNQ7aQHzat+NMM9hGBg86A:2Vg5tQ7aQHzrJWJ5

    Score
    10/10
    agenttesladiscoverykeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks