General
- Target: PI#102087.exe
- Size: 651KB
- Sample: 221125-cxevdshf2x
- MD5: 505852f2cd67a14131d2d6e927d92889
- SHA1: a7062897a84533c30705eb6667d352c78a43b9f6
- SHA256: 8e6fe812e3f4a19a51a0978e9c47e2cdb891f1feecb0a7ae2c1eff744c971371
- SHA512: 49709821545b0fb4e7c12ebee2382258def6f5ad9025c91d1ce28bd02b961d8f7c0aed47d2d1a866d5636643d9f13e5a561c872e06e758af2f2f148180bd7585
- SSDEEP: 12288:sFTYIvM3zrbETClyHskFgFwIyXCDmVRSmMSwOQkL7AiGSdrZOOP55U9smC7B4s:6dU376CoskFgqIyXxv/kiPpZFbU9smCr
Static task: static1
Behavioral task: behavioral1
- Sample: PI#102087.exe
- Resource: win7-20220901-en
Behavioral task: behavioral2
- Sample: PI#102087.exe
- Resource: win10v2004-20220901-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.strictfacilityservices.com
- Port: 587
- Username: [email protected]
- Password: SFS!@#321
- Email To: [email protected]
Targets
- Target: PI#102087.exe
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings
  Looks up the country code configured in the registry, likely as a geofence check.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP address.
- Suspicious use of SetThreadContext