General
- Target: SecuriteInfo.com.Win32.PWSX-gen.25213.3401
- Size: 1.1MB
- Sample: 221123-r2we9sab95
- MD5: 14033d5efab3af6dde154aeae64c7baa
- SHA1: 07dfacdcf3bca00084d51713358b4f0b0ae1ce80
- SHA256: 1fe08e7ba52b00e78eb445d792ee3d03648b9b90ea02902e875df4668d490ac5
- SHA512: 73c2cd25bee150cd514332e24eec8e94075de36c4b0fc2aaa44795ad21f78b2d4fecafe6822bcd8a3957adfcd08b133118f5f5e895b7ab6de829ab35fbeab16d
- SSDEEP: 24576:Uzlwgh/awQ2DzXq0XVGmogUn+ielIY+MKD5f+ycM3LTu/WPLnTIRD:UzlTh/d7fjVlVU+9lJbKuM3Lyunc
Static task: static1
Behavioral task: behavioral1
- Sample: SecuriteInfo.com.Win32.PWSX-gen.25213.exe
- Resource: win7-20221111-en
Behavioral task: behavioral2
- Sample: SecuriteInfo.com.Win32.PWSX-gen.25213.exe
- Resource: win10v2004-20220812-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.mad-max.pila.pl
- Port: 587
- Username: [email protected]
- Password: JCbDYyer
- Email To: [email protected]
Targets
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext