General
Target: 1C953295E9617CA7097C16C84628352A704A8D0368A20DEB2AD9D1B6520E92FF
Size: 868KB
Sample: 221124-t62h7afg28
MD5: 4569c8960f76bd8966ced3f1d08c2a45
SHA1: eb24bb65201c7ad28b70daf6e8d9d0d0a0e06485
SHA256: 1c953295e9617ca7097c16c84628352a704a8d0368a20deb2ad9d1b6520e92ff
SHA512: a9e105269841e722dc7f7d90800fb0091da06c4f62f246bf094adac781d51b9fabea56f222aa2a1ceb3e6c673bdf6c0cef216d07d8062a48661cd297c329c58d
SSDEEP: 12288:HpMHNTMXeiAXumMdt1/WpZl/cqDkEvSgySMNB0eN/9SM6OyvqhoJigiFdF8BCNL:qttiJti+qw1Vg09Gn/i98BCB
Static task: static1
Behavioral task: behavioral1
  Sample: PIn94AU190#2022 pdf.exe
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: PIn94AU190#2022 pdf.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: us2.smtp.mailhostbox.com
  Port: 587
  Username: [email protected]
  Password: WEf*ZBI1
Targets
Target: PIn94AU190#2022 pdf.exe
Size: 1.0MB
MD5: 8db7d8942a59eecff4dc1e41efd18b26
SHA1: c03a045634e43c6bf2a34c6184f4ad146aa9d843
SHA256: adf1e216e0532dfc46c9efd64d3bb5a687c7db93254f75185c19309dd9f1ef3b
SHA512: 28e15136b53da1fd7b61d16e7d75ee4a7b384a4c7480ef927606d01b277a6e72e494fdbdc9afe4553f03d39f20611ae5101a8f55f517b83e24dca5bbbf9307a0
SSDEEP: 24576:TG/p4JIB6ipSSfWcvzDzW8wzi3yT+L74mBfNUstzo:K/p4JCESdzDzW8wm3
Signatures
AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Accesses Microsoft Outlook profiles
Adds Run key to start application
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext