General
- Target: SecuriteInfo.com.Win32.PWSX-gen.6315.exe
- Size: 956KB
- Sample: 220923-hj7wxadde2
- MD5: 00e06c2981dd2a4ec8e53896e0876e6a
- SHA1: 35a356a072aeb0037dd043d62bff09daf079d121
- SHA256: 54e61eb93543f595d8589d7b09ef0a1286e238d58f6ae7a8001b0f73ca09d79e
- SHA512: 45a580dc8309f9ad4434dec5d56b49679e1727d8dbc5676e9a9838aa391f22a4ff09e046723ea7795142deaba1b37135c4a131d349b01349e1d84fb556fd7488
- SSDEEP: 12288:3bRwp6J6xdgZ8Uqcoz5pX6yZy4hdULM1W9Cl86dggxC02Iwo:3bwQQgZjqcouy44hcDtJIJ
Static task
- static1

Behavioral task
- behavioral1
  - Sample: SecuriteInfo.com.Win32.PWSX-gen.6315.exe
  - Resource: win7-20220812-en

Behavioral task
- behavioral2
  - Sample: SecuriteInfo.com.Win32.PWSX-gen.6315.exe
  - Resource: win10v2004-20220901-en
Malware Config
Extracted
- Protocol: smtp
- Host: mail.hussain-co.com
- Port: 587
- Username: finance@hussain-co.com
- Password: %%finance_@2018%
Targets
- Target: SecuriteInfo.com.Win32.PWSX-gen.6315.exe
- Size: 956KB
- MD5: 00e06c2981dd2a4ec8e53896e0876e6a
- SHA1: 35a356a072aeb0037dd043d62bff09daf079d121
- SHA256: 54e61eb93543f595d8589d7b09ef0a1286e238d58f6ae7a8001b0f73ca09d79e
- SHA512: 45a580dc8309f9ad4434dec5d56b49679e1727d8dbc5676e9a9838aa391f22a4ff09e046723ea7795142deaba1b37135c4a131d349b01349e1d84fb556fd7488
- SSDEEP: 12288:3bRwp6J6xdgZ8Uqcoz5pX6yZy4hdULM1W9Cl86dggxC02Iwo:3bwQQgZjqcouy44hcDtJIJ
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext