General
-
Target
Shipping_Document.gz
-
Size
269KB
-
Sample
241121-bbaswawhra
-
MD5
60c2a5a98e22e0af687412c587a587c8
-
SHA1
e90a2aac0bf8023ebd4ce15bf5228f1d85787e1e
-
SHA256
0c60371abbee8b8492c2a1fb853ab09633f35ee4026afa1e08474279cf3e1214
-
SHA512
061f66eb37166b2dc1d7b962c953f6a6cf7ca5323f71dea787e0e25fbcea56e3fa5c4dc3bb1146a16094064775dac5e4f41a23f6bcb82b4c482b1bdffa2ebbc9
-
SSDEEP
6144:oSoBSfeyMGc7qhfC0KrlVz99LyCOHqtmfWzNIkvKoNmJxmqa2QUSQVxPn8cly:olBAfcO0hlVz3WC5tmOz/vKolqQPsBNy
Static task
static1
Behavioral task
behavioral1
Sample
Shipping documents 0000933349450065096000.exe
Resource
win7-20240903-en
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.concaribe.com - Port:
21 - Username:
[email protected] - Password:
ro}UWgz#!38E
Extracted
Protocol: ftp- Host:
ftp.concaribe.com - Port:
21 - Username:
[email protected] - Password:
ro}UWgz#!38E
Targets
-
-
Target
Shipping documents 0000933349450065096000.exe
-
Size
284KB
-
MD5
10cc03882e85151ad4ca3db541f81cf3
-
SHA1
be6b86b006b887fdc5abee6e64a25b5f237445a0
-
SHA256
f2da88c88866585358047c6e08c8fd9c01178c3c8ec61345180d8335c68f3bb7
-
SHA512
6cdce4f6a27b565d938adfeb59dbc8e9e3e2ed02d86281f62ce7de82febe71c45520bf13ce1834c9662fbf13880ff714227635399c6dce1bc43048852b2abc18
-
SSDEEP
6144:UYRl7vMcPxo+C0Kl9D7k0UjHCHjQ9mHHa1gNC33FLkvKoNGJxmEa2QUkeS/op+:T4cY1DRUeHjomHHGgN7vKopwQReS/v
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Agenttesla family
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
4Credentials In Files
3Credentials in Registry
1