General

Target: Orden de Compra No. 434565344657.exe
Size: 1.1MB
Sample: 241111-mvj2faybmr
MD5: aa0211ddd72f92fc5dbf245795721c7b
SHA1: d20bb5b0cc2543a6a73f76539f55b8787ac779df
SHA256: 67bf2a6e18cc9f982fbafc235f75604ab53da2936365bb29dc008470ebfb7fd1
SHA512: 5385f393fdc255d441805642b65b431691b8db5a571a2c0b3175b70c92b8a8c69bf7ea20a718ccfade51f40bf7d9edc645dd407c034f50b7fab9875d49fa65ec
SSDEEP: 24576:uRmJkcoQricOIQxiZY1iaCxamqMW4BEZcxyTcZseUP4j:7JZoQrbTFZY1iaCxamqMjEZcxyTcZRC6
Static task: static1
Behavioral task: behavioral1
Sample: Orden de Compra No. 434565344657.exe
Resource: win7-20240903-en
Malware Config

Extracted: agenttesla
Protocol: ftp
Host: ftp://ftp.elquijotebanquetes.com
Port: 21
Username: [email protected]
Password: -GN,s*KH{VEhPmo)+f
Targets

Target: Orden de Compra No. 434565344657.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

Agenttesla family

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext