General
- Target: 321 Amita Technical 16.09.2022_1.zip
- Size: 415KB
- Sample: 220923-hsmx4ahddk
- MD5: e6abf2d4259bd0070bba3a93969943a0
- SHA1: 31e62bf43852fa751de8ef79121c5ad5985bf6d7
- SHA256: e493c7ec5337ed76c82272578120a1736c8993487624b71216f467629299a4d0
- SHA512: 8f68a628e884beba6420280c087e26359cef3459ddc396cb586e268d1b5151146f11c2a775f57fb80f69effbc33731892dd4129d5bbc0b8e8fdfe80314a10a70
- SSDEEP: 12288:2PXf80cqc0R3UXHs37WRRRSjRGghPyJiE:wXdciREXHsLMRSjHmj
Static task: static1
Behavioral task: behavioral1
- Sample: 321 Amita Technical 16.09.2022.exe
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: 321 Amita Technical 16.09.2022.exe
- Resource: win10v2004-20220812-en
Malware Config
Extracted
- Protocol: smtp
- Host: multimetals.cfd
- Port: 587
- Username: logs@multimetals.cfd
- Password: logs@multimetals.cfd
Extracted (agenttesla)
- Protocol: smtp
- Host: multimetals.cfd
- Port: 587
- Username: application/x-www-form-urlencoded
- Password: logs@multimetals.cfd
- Email To: asset@multimetals.cfd
Targets
Target: 321 Amita Technical 16.09.2022.exe
- Size: 621KB
- MD5: a2a924c124bbc597a76495b4fb08f906
- SHA1: 7ce1c45be6abf27c1b6f6c33ad16a27c4925e51b
- SHA256: 9d45370a27c72436041f3ffb82b0c245eea5191c788b574e9656a23054340a61
- SHA512: 4d2dfb53de6c5070f52facb1f0285d24aabca79385fdcc818cd383d86abcedabbc36d4824cd0c5ef7aab4d62ac5d2be192e06efb5e59c82a856cb72b838a24f6
- SSDEEP: 12288:zie1sOdae4gm/EYA71I1W6cY7l9v4QjFMsZNSs86xNY:RskbTmMc1W6cI7JjFMsZN26E
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext