General

  • Target

    0ecaa1790ddf6b43ec1935539e9745ae7c6c9f04e3fb85b05df3e1319c36a782

  • Size

    527KB

  • Sample

    241120-bm5sdsxbld

  • MD5

    ec179c416afeeb4fb913aa31d29faa13

  • SHA1

    27ea7e5ab8ec3dabeb0a693c0be409f18c8b5d30

  • SHA256

    0ecaa1790ddf6b43ec1935539e9745ae7c6c9f04e3fb85b05df3e1319c36a782

  • SHA512

    b864b332ade298aa1b274ba4efc12244fd12b7f539bbf4df14a343deb140d1b25d4dfc40b95551c60561d944894e6c6d4f734f6a2a575e6f906b61aea10afda1

  • SSDEEP

    12288:KNaAfhnrkrpdFu6B7ka/pwJIdhkGfvKFldyT8/Bm12:caAf9WFu6BppTdvfvKQT8/Bm12

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://ftp.elquijotebanquetes.com
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    4r@d15PS!-!h

Targets

    • Target

      Comprobante_swift_090934540687573788.exe

    • Size

      1012KB

    • MD5

      758ea76e22dd3e20eaffbdfab8df137d

    • SHA1

      392c5fe22196ff6ace463f0f40d02bc77753b4ac

    • SHA256

      84b8c47f4fa7e736e66ac6401a0f01d60522cc644e225318acb787a25034586f

    • SHA512

      abb042716e677eccd5eedcedd6b530eb15ffd0b08082540485ad4021dc818a71242e9a3e0bcbc974cabe1f09176c45fa8df0bcf96936f2895240e3b5e47c8855

    • SSDEEP

      24576:iu6J33O0c+JY5UZ+XC0kGso6FaEXVk382vWY:Eu0c++OCvkGs9FaElkCY

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Agenttesla family

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks