General

  • Target

    LISTA DE COTIZACIONES.exe

  • Size

    1.3MB

  • Sample

    241015-pllvsatfmd

  • MD5

    0647a0952187cc636ad3ad2b3798d285

  • SHA1

    2d3e1b9a31c50403ee421f3a632893cec41a6b99

  • SHA256

    7cfb5ab426cafad901b5c45367fd9135413f23ffaa1489aadb331d9f44f9d236

  • SHA512

    40cf4f29bd10804978493ebcaf53a962aaa166b0744fcfbd2e69ff3a2dd1ac4f19381a5cbd8a2191f18db9d163d111d8bafb18f1620ca9c76405dd643599eddb

  • SSDEEP

    24576:WfmMv6Ckr7Mny5Q6sDRZc6kRIG6jVLZXVxP/I4IhRszC:W3v+7/5Q6sg+VLZlNQl

Malware Config

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.ercolina-usa.com
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    ,%EVY$JU0=lu

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks