General
-
Target
d7ec8f6f25b81a46e53f3c2a3841bc0eb87f5434e9dcfeb76911a2de7223189e.img
-
Size
1.5MB
-
Sample
241021-k82gjaxhph
-
MD5
20a560055eb3adc08bdb6212bc7fd4d5
-
SHA1
20510590f85bd55a138b46c4c3490eca7aa3609b
-
SHA256
d7ec8f6f25b81a46e53f3c2a3841bc0eb87f5434e9dcfeb76911a2de7223189e
-
SHA512
0a02f233a33e4aca39426e48e017f975eb1c3e506101a22f2fd0e762beffc40aaf3763a348f91bf5ebdc547c30c40c76714e263bb6e4456dd3ada9dd53904d6c
-
SSDEEP
24576:Ao8RUr/5+1z5qy4liClnpwWcw0r0ye66RnKUgGEM71KOx5h:Ah+/0qygxlpvAGOsKO
Static task
static1
Behavioral task
behavioral1
Sample
Documenti di spedizione.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
Documenti di spedizione.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20241007-en
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.concaribe.com - Port:
21 - Username:
[email protected] - Password:
ro}UWgz#!38E
Targets
-
-
Target
Documenti di spedizione.bat
-
Size
983KB
-
MD5
c2d72d131fe371481a0cc117bb835f23
-
SHA1
dd736a4b716d790f1a3b304f265530399e0646aa
-
SHA256
d5ee11c69acd2903e1d9b6f6b59aabbd66d9a38430fe4a020d48b18707afb9b8
-
SHA512
79c15f7b54322f2843f203a99605b5cdfd6a0a3fe41bf9265808a266d1c68d099f3fab8354a0d87e53eb673b101ca211a422748c232c725cadb3f4ebf6c9ce39
-
SSDEEP
24576:co8RUr/5+1z5qy4liClnpwWcw0r0ye66RnKUgGEM71KOx5hw:ch+/0qygxlpvAGOsKOm
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
3f176d1ee13b0d7d6bd92e1c7a0b9bae
-
SHA1
fe582246792774c2c9dd15639ffa0aca90d6fd0b
-
SHA256
fa4ab1d6f79fd677433a31ada7806373a789d34328da46ccb0449bbf347bd73e
-
SHA512
0a69124819b7568d0dea4e9e85ce8fe61c7ba697c934e3a95e2dcfb9f252b1d9da7faf8774b6e8efd614885507acc94987733eba09a2f5e7098b774dfc8524b6
-
SSDEEP
192:OPtkumJX7zB22kGwfy0mtVgkCPOsX1un:/702k5qpdsXQn
Score3/10 -
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
4Credentials In Files
3Credentials in Registry
1