General
-
Target
04122024_0947_04122024_OrderNO000293988494948595850000595995000.gz
-
Size
474KB
-
Sample
241204-lywc7sskft
-
MD5
e0b412577315b4784f422ab40a87eb58
-
SHA1
cb517388624cbffbb69c8e21545193ab1a250310
-
SHA256
dc8bb75ad0523aec1b266d8d6ac4ba77a100ee31be2edff7ead8c18fdc59a7b7
-
SHA512
ebd5042d94e05837cf2f11f0b3c9458970556d2dbf9560ccabab1bb021a71c2459d50e806ff48c70456ddc455a472b3a876af77a92a7ecc4b6bb50c9ca5d1f63
-
SSDEEP
12288:WSqTv4CQr9epHBHFUF3AT4ySg3NVeJ2Cho12hb7WzT:WH4CkajjTwgreJ2Cho1Q3sT
Static task
static1
Behavioral task
behavioral1
Sample
Order NO 000293988494948595850000595995000.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
Order NO 000293988494948595850000595995000.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20241007-en
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.concaribe.com - Port:
21 - Username:
[email protected] - Password:
ro}UWgz#!38E
Targets
-
-
Target
Order NO 000293988494948595850000595995000.exe
-
Size
600KB
-
MD5
52131cce80de6868d4eb452ec3bcb91b
-
SHA1
4ce48ce0ac577aa4008359cc9178dfb1e9e95f25
-
SHA256
935cbed36f8d1f6e18a988bc200c075039f4dc6ffb1a87e1a72c9f8b393fe4fa
-
SHA512
88203976f238dc1f93c2bfa7ac255f77755bf0b692f45631d9e7ccc853ef89b8c1d3ddfd0fe86978409bee0f81ac03c81c11757ed2deadb29b3f4b495a1680bc
-
SSDEEP
12288:tHadcxTcho0xSH0dgsK4lU7MMJtkbgPtYDoZ:VadhaNUdgPsqJtkIYDoZ
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Agenttesla family
-
Guloader family
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-
-
-
Target
$PLUGINSDIR/System.dll
-
Size
12KB
-
MD5
192639861e3dc2dc5c08bb8f8c7260d5
-
SHA1
58d30e460609e22fa0098bc27d928b689ef9af78
-
SHA256
23d618a0293c78ce00f7c6e6dd8b8923621da7dd1f63a070163ef4c0ec3033d6
-
SHA512
6e573d8b2ef6ed719e271fd0b2fd9cd451f61fc9a9459330108d6d7a65a0f64016303318cad787aa1d5334ba670d8f1c7c13074e1be550b4a316963ecc465cdc
-
SSDEEP
192:ljHcQ0qWTlt7wi5Aj/lM0sEWD/wtYbBjpNQybC7y+XZqE0QPi:R/Qlt7wiij/lMRv/9V4bfr
Score3/10 -
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
4Credentials In Files
3Credentials in Registry
1