General
-
Target
Faktura Elexa_FV24103_pdf .img
-
Size
92KB
-
Sample
240701-n1frmszejh
-
MD5
03231e3ab082825c61ef1e7e097752dd
-
SHA1
566e4d9f0b2588b9a310213aa496179339f1d758
-
SHA256
eb56586394b02b762dd8e55ff044e31142f46b3d3efd143dac818a61784bc693
-
SHA512
27971e092e55448052f990a73d6041663452ed4720c960b9f7a0f4c502aef4390e0f7426a223af33b9fa279a8d33ce625d43c4cf2a9f46a6f67c375e23faf6a8
-
SSDEEP
768:ZJ4UgWq/hHcO4x+BQC0WX57XDyaBNHVxYoAUQ/lX:r4fB8KBQC0kBTygVxLLqV
Static task
static1
Behavioral task
behavioral1
Sample
Faktura Elexa_FV24103_pdf .iso
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
Faktura Elexa_FV24103_pdf .iso
Resource
win10v2004-20240611-en
Behavioral task
behavioral3
Sample
out.iso
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
out.iso
Resource
win10v2004-20240508-en
Behavioral task
behavioral5
Sample
Faktura Elexa_FV24103_pdf .scr
Resource
win7-20240220-en
Behavioral task
behavioral6
Sample
Faktura Elexa_FV24103_pdf .scr
Resource
win10v2004-20240508-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.mediatrend.it - Port:
587 - Username:
[email protected] - Password:
PugsmgkHD4 - Email To:
[email protected]
Extracted
Protocol: smtp- Host:
mail.mediatrend.it - Port:
587 - Username:
[email protected] - Password:
PugsmgkHD4
Targets
-
-
Target
Faktura Elexa_FV24103_pdf .img
-
Size
92KB
-
MD5
03231e3ab082825c61ef1e7e097752dd
-
SHA1
566e4d9f0b2588b9a310213aa496179339f1d758
-
SHA256
eb56586394b02b762dd8e55ff044e31142f46b3d3efd143dac818a61784bc693
-
SHA512
27971e092e55448052f990a73d6041663452ed4720c960b9f7a0f4c502aef4390e0f7426a223af33b9fa279a8d33ce625d43c4cf2a9f46a6f67c375e23faf6a8
-
SSDEEP
768:ZJ4UgWq/hHcO4x+BQC0WX57XDyaBNHVxYoAUQ/lX:r4fB8KBQC0kBTygVxLLqV
Score3/10 -
-
-
Target
out.iso
-
Size
92KB
-
MD5
03231e3ab082825c61ef1e7e097752dd
-
SHA1
566e4d9f0b2588b9a310213aa496179339f1d758
-
SHA256
eb56586394b02b762dd8e55ff044e31142f46b3d3efd143dac818a61784bc693
-
SHA512
27971e092e55448052f990a73d6041663452ed4720c960b9f7a0f4c502aef4390e0f7426a223af33b9fa279a8d33ce625d43c4cf2a9f46a6f67c375e23faf6a8
-
SSDEEP
768:ZJ4UgWq/hHcO4x+BQC0WX57XDyaBNHVxYoAUQ/lX:r4fB8KBQC0kBTygVxLLqV
Score1/10 -
-
-
Target
Faktura Elexa_FV24103_pdf .scr
-
Size
31KB
-
MD5
98da04a6b0b83989d1bee2eda1ca6c50
-
SHA1
26a122571f8f81a40ce78b06d7c9d89b19923fac
-
SHA256
ffca66beb014d70ebd6242618f97426da7466ea3e3fcf033b7ec39e9c94d2bf8
-
SHA512
115237af29b47f5dbaa01db08e18a271717104e177c52c434e938e93cf4d58f8090e5fe5182228f3144adf55144f3b846d0c4fa245c2cc2434b8002836a5e83e
-
SSDEEP
768:c4UgWq/hHcO4x+BQC0WX57XDyaBNHVxYoAUQ/lX:c4fB8KBQC0kBTygVxLLqV
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-