Analysis scores (out of 10; each task tab carried its score as a leading digit in the extracted page)
Overview: 10/10
Static: 3/10
Per-task scores, windows7-x64 / windows10-2004-x64:
d7ec8f6f25...9e.iso: 3 / 3
out.iso: 1 / 1
Documenti ...ne.exe: 10 / 10
$PLUGINSDI...em.dll: 3 / 3
Directdiscourse.mrk: 3 / 3
Freakouts.mis: 3 / 3
Kavalerens188.equ: 3 / 3
Overhates.txt: 1 / 1
Subarachno...is.sol: 3 / 3
Subarachno...ue.ste: 3 / 3
Subarachno...et.cho: 3 / 3
Subarachno...ck.jer: 3 / 3
distortionless.ska: 3 / 3
General
Target: d7ec8f6f25b81a46e53f3c2a3841bc0eb87f5434e9dcfeb76911a2de7223189e.img
Size: 1.5MB
Sample: 241021-k6x2bszcpm
MD5: 20a560055eb3adc08bdb6212bc7fd4d5
SHA1: 20510590f85bd55a138b46c4c3490eca7aa3609b
SHA256: d7ec8f6f25b81a46e53f3c2a3841bc0eb87f5434e9dcfeb76911a2de7223189e
SHA512: 0a02f233a33e4aca39426e48e017f975eb1c3e506101a22f2fd0e762beffc40aaf3763a348f91bf5ebdc547c30c40c76714e263bb6e4456dd3ada9dd53904d6c
SSDEEP: 24576:Ao8RUr/5+1z5qy4liClnpwWcw0r0ye66RnKUgGEM71KOx5h:Ah+/0qygxlpvAGOsKO
Static task: static1
Behavioral tasks (sample; sandbox resource):
behavioral1: d7ec8f6f25b81a46e53f3c2a3841bc0eb87f5434e9dcfeb76911a2de7223189e.iso; win7-20241010-en
behavioral2: d7ec8f6f25b81a46e53f3c2a3841bc0eb87f5434e9dcfeb76911a2de7223189e.iso; win10v2004-20241007-en
behavioral3: out.iso; win7-20240708-en
behavioral4: out.iso; win10v2004-20241007-en
behavioral5: Documenti di spedizione.exe; win7-20240903-en
behavioral6: Documenti di spedizione.exe; win10v2004-20241007-en
behavioral7: $PLUGINSDIR/System.dll; win7-20241010-en
behavioral8: $PLUGINSDIR/System.dll; win10v2004-20241007-en
behavioral9: Directdiscourse.mrk; win7-20241010-en
behavioral10: Directdiscourse.mrk; win10v2004-20241007-en
behavioral11: Freakouts.mis; win7-20240903-en
behavioral12: Freakouts.mis; win10v2004-20241007-en
behavioral13: Kavalerens188.equ; win7-20240903-en
behavioral14: Kavalerens188.equ; win10v2004-20241007-en
behavioral15: Overhates.txt; win7-20240903-en
behavioral16: Overhates.txt; win10v2004-20241007-en
behavioral17: Subarachnoid/Protaspis.sol; win7-20240903-en
behavioral18: Subarachnoid/Protaspis.sol; win10v2004-20241007-en
behavioral19: Subarachnoid/barbecue.ste; win7-20241010-en
behavioral20: Subarachnoid/barbecue.ste; win10v2004-20241007-en
behavioral21: Subarachnoid/paradiset.cho; win7-20240708-en
behavioral22: Subarachnoid/paradiset.cho; win10v2004-20241007-en
behavioral23: Subarachnoid/saddleback.jer; win7-20240903-en
behavioral24: Subarachnoid/saddleback.jer; win10v2004-20241007-en
behavioral25: distortionless.ska; win7-20240903-en
behavioral26: distortionless.ska; win10v2004-20241007-en
Malware Config
Extracted
Family: agenttesla
Protocol: ftp
Host: ftp://ftp.concaribe.com
Port: 21
Username: [email protected]
Password: ro}UWgz#!38E
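The extracted config is the most directly actionable part of this report: the FTP host, port and login are the exfiltration channel, and the username is the one field that also shows up in network logs. The Python below is an added example, not part of the sandbox output. It parses the config in the fused form the page renders it (labels and values run together with " - ") and then matches the login against Zeek-style ftp.log rows. The ftp.log rows are constructed for the example and are not traffic from this sample, and the username is used exactly as the report shows it ([email protected]); substitute the real value when hunting.

```python
import re
from urllib.parse import urlparse

# The config block exactly as the report renders it (extraction fused the
# "label: value" pairs into one run separated by " - ").
REPORT_CONFIG = (
    "Protocol: ftp- Host: ftp://ftp.concaribe.com - Port: 21 - "
    "Username: [email protected] - Password: ro}UWgz#!38E"
)

_LABELS = r"Protocol|Host|Port|Username|Password"
# Lazily take everything up to the next " - <Label>:" or end of string.
_FIELD = re.compile(rf"({_LABELS}):\s*(.*?)\s*(?=-\s*(?:{_LABELS}):|$)")


def parse_config(text: str) -> dict:
    """Split the fused config run into fields and derive the bare hostname."""
    cfg = {label.lower(): value for label, value in _FIELD.findall(text)}
    cfg["port"] = int(cfg["port"])
    cfg["hostname"] = urlparse(cfg["host"]).hostname  # "ftp://x" -> "x"
    return cfg


# Constructed Zeek ftp.log excerpt (tab-separated, header omitted); not real
# traffic from this sample. Columns are reduced to what the hunt needs.
FTP_LOG_COLUMNS = ("ts", "id.orig_h", "id.orig_p", "id.resp_h", "id.resp_p",
                   "user", "command", "arg")
SAMPLE_FTP_LOG = "\n".join([
    "1729500000.1\t10.0.0.12\t49712\t203.0.113.9\t21\tanonymous\tRETR\treadme.txt",
    "1729500040.7\t10.0.0.31\t49804\t198.51.100.4\t21\t[email protected]\tSTOR\tPW_report.html",
    "1729500055.2\t10.0.0.31\t49805\t198.51.100.4\t21\t[email protected]\tSTOR\tKL_report.html",
    "1729500100.3\t10.0.0.50\t50100\t192.0.2.77\t21\tbackup\tSTOR\tnightly.tar",
])


def hunt_ftp_log(log_text: str, cfg: dict) -> list[dict]:
    """Return rows whose FTP login matches the extracted exfil username.

    The password never appears in ftp.log, so the username plus destination
    port is the usable network indicator; STOR rows are the actual uploads.
    """
    hits = []
    for line in log_text.splitlines():
        if not line or line.startswith("#"):
            continue
        row = dict(zip(FTP_LOG_COLUMNS, line.split("\t")))
        if row["user"] != cfg["username"]:
            continue
        hits.append({
            "src": row["id.orig_h"],
            "dst": f'{row["id.resp_h"]}:{row["id.resp_p"]}',
            "port_matches_config": int(row["id.resp_p"]) == cfg["port"],
            "upload": row["arg"] if row["command"] == "STOR" else None,
        })
    return hits


if __name__ == "__main__":
    cfg = parse_config(REPORT_CONFIG)
    print({k: cfg[k] for k in ("hostname", "port", "username")})
    for hit in hunt_ftp_log(SAMPLE_FTP_LOG, cfg):
        print(hit)
```

Matching on the username rather than the hostname is deliberate: the host in the config is a DNS name, so a flow-level match needs a dns.log join, while the FTP USER command is logged verbatim by Zeek and is unique to this build's credentials.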
Targets

Target: d7ec8f6f25b81a46e53f3c2a3841bc0eb87f5434e9dcfeb76911a2de7223189e.img
Size: 1.5MB
MD5: 20a560055eb3adc08bdb6212bc7fd4d5
SHA1: 20510590f85bd55a138b46c4c3490eca7aa3609b
SHA256: d7ec8f6f25b81a46e53f3c2a3841bc0eb87f5434e9dcfeb76911a2de7223189e
SHA512: 0a02f233a33e4aca39426e48e017f975eb1c3e506101a22f2fd0e762beffc40aaf3763a348f91bf5ebdc547c30c40c76714e263bb6e4456dd3ada9dd53904d6c
SSDEEP: 24576:Ao8RUr/5+1z5qy4liClnpwWcw0r0ye66RnKUgGEM71KOx5h:Ah+/0qygxlpvAGOsKO
Score: 3/10

Target: out.iso (byte-identical to the .img target above: same MD5, SHA1, SHA256 and SHA512)
Size: 1.5MB
MD5: 20a560055eb3adc08bdb6212bc7fd4d5
SHA1: 20510590f85bd55a138b46c4c3490eca7aa3609b
SHA256: d7ec8f6f25b81a46e53f3c2a3841bc0eb87f5434e9dcfeb76911a2de7223189e
SHA512: 0a02f233a33e4aca39426e48e017f975eb1c3e506101a22f2fd0e762beffc40aaf3763a348f91bf5ebdc547c30c40c76714e263bb6e4456dd3ada9dd53904d6c
SSDEEP: 24576:Ao8RUr/5+1z5qy4liClnpwWcw0r0ye66RnKUgGEM71KOx5h:Ah+/0qygxlpvAGOsKO
Score: 1/10

Target: Documenti di spedizione.bat (listed as Documenti di spedizione.exe in the task list; the SSDEEP hash is near-identical to the ISO's, so this is the ISO's main payload)
Size: 983KB
MD5: c2d72d131fe371481a0cc117bb835f23
SHA1: dd736a4b716d790f1a3b304f265530399e0646aa
SHA256: d5ee11c69acd2903e1d9b6f6b59aabbd66d9a38430fe4a020d48b18707afb9b8
SHA512: 79c15f7b54322f2843f203a99605b5cdfd6a0a3fe41bf9265808a266d1c68d099f3fab8354a0d87e53eb673b101ca211a422748c232c725cadb3f4ebf6c9ce39
SSDEEP: 24576:co8RUr/5+1z5qy4liClnpwWcw0r0ye66RnKUgGEM71KOx5hw:ch+/0qygxlpvAGOsKOm
Signatures:
- AgentTesla
  Agent Tesla is a .NET remote access tool (RAT) and information stealer written in Visual Basic .NET. It harvests credentials from browsers, mail and FTP clients and exfiltrates over SMTP, FTP or HTTP; the extracted config above shows this build using FTP.
- Loads dropped DLL
  $PLUGINSDIR/System.dll is the NSIS System plugin, which lets an NSIS installer script call arbitrary Windows API functions; its presence means the dropper is an NSIS-built installer.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of NtCreateThreadExHideFromDebugger
  Creates a thread with THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER, so the new thread never raises debug events to an attached debugger.
- Suspicious use of NtSetInformationThreadHideFromDebugger
  Sets ThreadHideFromDebugger (THREADINFOCLASS 0x11) on an existing thread; a debugger attached to the process stops receiving exceptions and other debug events from that thread.
- Suspicious use of SetThreadContext
  Rewrites another thread's register context, the usual way to redirect a suspended process's entry point to injected code (process hollowing).
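The three thread-related signatures cover two distinct techniques: hiding threads from an attached debugger, and rewriting a thread's context after writing into another process. The Python below, added for this page and not produced by the sandbox, shows what a detection over an API-call trace looks for in each case. The trace format (pid, API name, key=value arguments) and the trace contents are constructed for the example and are not output from this sample; the constants are the documented Windows values (ThreadHideFromDebugger = 0x11, THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER = 0x4, CREATE_SUSPENDED = 0x4).

```python
import re
from collections import defaultdict

# Documented Windows values (winternl.h / ntddk.h / WinBase.h).
THREAD_HIDE_FROM_DEBUGGER = 0x11              # THREADINFOCLASS ThreadHideFromDebugger
THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER = 0x4  # NtCreateThreadEx CreateFlags bit
CREATE_SUSPENDED = 0x4                        # CreateProcess dwCreationFlags bit

# Constructed API-monitor trace: "<pid> <api> key=value ...". Not output
# from this sample; pid 4120 plays the dropper, pid 5008 is benign noise.
SAMPLE_TRACE = "\n".join([
    "4120 NtSetInformationThread ThreadHandle=0xdc ThreadInformationClass=0x11 ThreadInformation=0x0 ThreadInformationLength=0",
    "4120 NtCreateThreadEx ProcessHandle=0xffffffff CreateFlags=0x4 StartRoutine=0x401000",
    "4120 CreateProcessW lpApplicationName=C:\\Users\\Public\\target.exe dwCreationFlags=0x4",
    "4120 WriteProcessMemory hProcess=0x1f4 lpBaseAddress=0x400000 nSize=0x2e000",
    "4120 SetThreadContext hThread=0x1f8 Eip=0x4a2b40",
    "4120 ResumeThread hThread=0x1f8",
    "5008 NtSetInformationThread ThreadHandle=0x88 ThreadInformationClass=0x9 ThreadInformation=0x0 ThreadInformationLength=4",
    "5008 SetThreadContext hThread=0x90 Eip=0x77a1c000",
])

_LINE = re.compile(r"^(?P<pid>\d+)\s+(?P<api>\w+)\s*(?P<args>.*)$")
_ARG = re.compile(r"(\w+)=(\S+)")


def _num(value: str) -> int:
    """Parse a decimal or 0x-prefixed argument value."""
    return int(value, 16) if value.lower().startswith("0x") else int(value)


def parse_line(line: str):
    """Split a trace line into (pid, api, {arg: value}); None if malformed."""
    m = _LINE.match(line)
    if m is None:
        return None
    return int(m["pid"]), m["api"], dict(_ARG.findall(m["args"]))


def analyze_trace(text: str) -> list[tuple[int, str]]:
    """Return (pid, finding) pairs for the anti-debug and hollowing patterns."""
    findings = []
    # Per-pid state for the hollowing chain: suspended child, then a write
    # into it, then a context rewrite. Order matters, so track it per pid.
    state = defaultdict(lambda: {"suspended_create": False, "wrote_memory": False})
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        pid, api, args = parsed
        st = state[pid]
        if api == "NtSetInformationThread":
            # Only class 0x11 is the anti-debug case; other classes are routine.
            if _num(args.get("ThreadInformationClass", "0")) == THREAD_HIDE_FROM_DEBUGGER:
                findings.append((pid, "NtSetInformationThread(ThreadHideFromDebugger)"))
        elif api == "NtCreateThreadEx":
            if _num(args.get("CreateFlags", "0")) & THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER:
                findings.append((pid, "NtCreateThreadEx(THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER)"))
        elif api in ("CreateProcessW", "CreateProcessA"):
            if _num(args.get("dwCreationFlags", "0")) & CREATE_SUSPENDED:
                st["suspended_create"] = True
        elif api == "WriteProcessMemory":
            st["wrote_memory"] = True
        elif api == "SetThreadContext":
            if st["suspended_create"] and st["wrote_memory"]:
                findings.append((pid, "SetThreadContext after CREATE_SUSPENDED + WriteProcessMemory (hollowing pattern)"))
            else:
                # Debuggers and some runtimes call this legitimately; keep it
                # visible but do not score it like the full chain.
                findings.append((pid, "SetThreadContext without preceding suspended create/write (low confidence)"))
    return findings


if __name__ == "__main__":
    for pid, finding in analyze_trace(SAMPLE_TRACE):
        print(pid, finding)
```

The two hide-from-debugger checks key on argument values, not on the API name alone: NtSetInformationThread is called constantly for benign reasons, and only class 0x11 matters. The SetThreadContext check is stateful because the call is only meaningful as the last step of a suspended-process injection chain.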

Target: $PLUGINSDIR/System.dll
Size: 11KB
MD5: 3f176d1ee13b0d7d6bd92e1c7a0b9bae
SHA1: fe582246792774c2c9dd15639ffa0aca90d6fd0b
SHA256: fa4ab1d6f79fd677433a31ada7806373a789d34328da46ccb0449bbf347bd73e
SHA512: 0a69124819b7568d0dea4e9e85ce8fe61c7ba697c934e3a95e2dcfb9f252b1d9da7faf8774b6e8efd614885507acc94987733eba09a2f5e7098b774dfc8524b6
SSDEEP: 192:OPtkumJX7zB22kGwfy0mtVgkCPOsX1un:/702k5qpdsXQn
Score: 3/10

Target: Directdiscourse.Mrk
Size: 98KB
MD5: 0cdd72dc4c52fc3e3679087a86475ec7
SHA1: 086083a90b709250b42c54ed9080ececd5702610
SHA256: 97dab1ce75fcd484894e8b9c653ecb4609412adbfd56cf4d352e4f8ed672963a
SHA512: f7a36729504b8d94c188ac80214993f7d780c7431daa2163ca6bd304bfa57dce5160b8aaf7da422e4a53067349d8412ec70685a9bde9c321e9abe93c3ab701ed
SSDEEP: 1536:hUL2eODkXBisy4uA2vOqMkkETeiknT0fouNyGZkI67AxzVUT0f3Wz06Vf+:OyeKMB9y4h2SM0nuNnxP6Tg3W1+
Score: 3/10

Target: Freakouts.mis
Size: 428KB
MD5: 1ef716deb3ad336e09abc68798eefb78
SHA1: 15e56dd29e83d44626e46f219aa1efc8fec6fb73
SHA256: 6401066b34d5fd3c9103c01112200e109a78a3dc584b7e55392b7a45020a76b0
SHA512: 6bd0842fe87e9c7467249673485392d1a718b84a757be8ab94f4323f5be358c0975a7e5bc4f74af2ef69f5db46ad00dce3dda9bbd20c2a6ce9d364883a40e7f9
SSDEEP: 1536:WQqatwb3BquFonZ0MZGDfw/Ams7/cTCDEhqR9:prwTBq1ZPGD4/xsDEh8
Score: 3/10

Target: Kavalerens188.equ
Size: 410KB
MD5: 93c85b7e4c86f442491ff2d5f5b3fe0b
SHA1: 893ee5dc579da377dce95f9decaf57438f967112
SHA256: 7d60978d18793a119bb47b0d702e2d1efae28514eb46e9f96d75bb6fda4ecf99
SHA512: a0d6b52554f688e47986ffa6b3885393f47a5d51895dc40219bdb1c838609755b1a801e446b926b44ab6c2f4b8a05a183d3c6bbf0d16ca84802cb5dbca1581c9
SSDEEP: 1536:iKHVhskoaFMrwPuNqw8hbEZ1EvgaKCiIklf3:JHcP9+w8hb8IQ
Score: 3/10

Target: Overhates.txt
Size: 513B
MD5: 3a44600b8b24f5cc7ef13b014c5fc8e6
SHA1: dabc64c2788c61476c159bf60e27a0385b761223
SHA256: 037ee7216549b3d566f3d53e5801d45adacf332f937fb43bd5a5e3f0df9662a6
SHA512: 02985e9f575b10700a6c8fe167db6ebd81e1b8de758dfab47bb01ab7fe568525c17e933aa2db98673e1a43eb3ef63cab6e97d59fe1b1d52e3484737e0d9b4cbe
SSDEEP: not reported (file too small)
Score: 1/10

Target: Subarachnoid/Protaspis.sol
Size: 298KB
MD5: eada66a6285325455f7e0780c000cb65
SHA1: 125a71abf2adccfe6e4bb3d7bf80cac064f71690
SHA256: d1e27b338c60688975ae1bb239d860e30490a7feb5aeb1df1dad87244dd073ac
SHA512: 669ba190147018b4cba35d6cde23d00683e73de0c70b60c1aa03edec2c7cc629da73a7495db05cf4151e100c339c76afd87a3d179fe98045ed38b02a7a478fb1
SSDEEP: 768:OFl7dydtg1PEAqjKsB0peIl0LVJmpGgJQZwWmkYvYTDjBlqndyzkEV5ndnGVa76E:hdKCZmTCLm4TyycJrcYKLdL59NBGa
Score: 3/10

Target: Subarachnoid/barbecue.ste
Size: 295KB
MD5: 43eb990b1be1b4570969a310174d319f
SHA1: beae29db714c0576f1ba9256e64f1a0a015b3e84
SHA256: 6884cda80715f73c9d9aa9ad45b9bde3d9965d2009270ba685b30dd21421c04d
SHA512: c0fbe88619a7bc3bb8f6cbc8b77b4c1e21a2afb8a92b1df4324c20980c5cf6362cb75b7d065391437147ba746a933ebbd51167e4df2b94477298a87331e15c75
SSDEEP: 768:+0WlDZ0cyMp2n0GbzqUGvbn/eHiEmNAXxM4cCQHkR1WuFkHnvVG26UZRR15NykM4:b0/vvkPqdcKMyJAnrZpdZ
Score: 3/10

Target: Subarachnoid/paradiset.cho
Size: 389KB
MD5: 34495288f83eb902ac00567354e11253
SHA1: f421e0a307361c05a9534639d2b3a446f4673baf
SHA256: f917e97748dee607abcc405fa70d7614b2f96675914b64ae7fd6ac299bcf220b
SHA512: e2de646c75526dda1b22aebff7b7991dec89d351012fa21d925046ef5dd78abd2d999acaae7c8ba33747480d3c921cdab05d98839af3a552063070a3b4c48496
SSDEEP: 1536:qIRuZM0E+SCsypSaDWDKQreAN/Ge8+QM8+cj4WHOlXtZ:pRuPs3DKYc5+QM1KW
Score: 3/10

Target: Subarachnoid/saddleback.jer
Size: 236KB
MD5: fb3375e7cb0698df507062161a26885f
SHA1: 5e98c5e6f50a1b57b1e72b412d9632603ff954ef
SHA256: eb781b87f06cbbb43e36413f70a97528dff827a3da9575e56142324f9cf43477
SHA512: 949fb9f863eb2ec85b84c4db3e4ea023f1c3fc09cb79fe52b58569c616fc28f2e0d095db535c3b80ef44ce4f75ea4752313f4f20a3e3a61e49163fce8078b79b
SSDEEP: 768:kn4C0nabowYKKucVjMHtvH3Eq1Zg5c+0o4u1uLlOxRuYP9aVsVL/e3ec6Axhe7rO:zAzhHNuZla85OxXCm
Score: 3/10

Target: distortionless.Ska
Size: 378KB
MD5: 85fc6cabf335ce81cbae00b602a9eeb1
SHA1: abe79a178fcff6f54785bf739b5b3da2c5ddd335
SHA256: 0fe88c31b5927ff5d298b958b8249f73932cd0626be40bc4f0c53e4c1fee194b
SHA512: 2e9b68c198e5a0d2ba42013fcb1ee49c3378916383ee6709e7d4e8cff072d3778597bb0c89aca44bf9a8551b8d5d92e7bb5ece6d771710cba7e1bc319a5a3d99
SSDEEP: 6144:DKJqy+wdTormUTsLnezqBg7Eg/XicZi0Ikufi+k:DryBdETsLezqAXiUi+
Score: 3/10
MITRE ATT&CK Enterprise v15
Credential Access (signature hit counts)
- Credentials from Password Stores (T1555): 1
  - Credentials from Web Browsers (T1555.003): 1
- Unsecured Credentials (T1552): 4
  - Credentials In Files (T1552.001): 3
  - Credentials in Registry (T1552.002): 1