General
Target: SecuriteInfo.com.Win32.PWSX-gen.18362.32438.exe
Size: 925KB
Sample: 221126-a48d6sad33
MD5: e2a9849a08a5eb1e135c04b0604d9d64
SHA1: da64e496496d949a0e86cdc2fd9c9f99252506eb
SHA256: 54f4fdb16ec6a53f43577c742860b4b3ba37611f67a57ceb65478821e4216825
SHA512: 491fa1cddbb79f41f3a96ed4a18a90f5b3a34734c420a5830c35614a39add91f960f88fa586a959b092525299fe5e055b82d1260cd9a4e496f724dc60adb58b6
SSDEEP: 24576:kjU376CqskFgqIyXXfCob/KixjqmwSmM0kCzFrM86hjK:ko1kVXXfd/KiFqmMM0ke//
Static task: static1
Behavioral task: behavioral1
  Sample: SecuriteInfo.com.Win32.PWSX-gen.18362.32438.exe
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: SecuriteInfo.com.Win32.PWSX-gen.18362.32438.exe
  Resource: win10v2004-20221111-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.hostinger.com
Port: 587
Username: [email protected]
Password: lOg123@@
Targets
Target: SecuriteInfo.com.Win32.PWSX-gen.18362.32438.exe
Size: 925KB
MD5: e2a9849a08a5eb1e135c04b0604d9d64
SHA1: da64e496496d949a0e86cdc2fd9c9f99252506eb
SHA256: 54f4fdb16ec6a53f43577c742860b4b3ba37611f67a57ceb65478821e4216825
SHA512: 491fa1cddbb79f41f3a96ed4a18a90f5b3a34734c420a5830c35614a39add91f960f88fa586a959b092525299fe5e055b82d1260cd9a4e496f724dc60adb58b6
SSDEEP: 24576:kjU376CqskFgqIyXXfCob/KixjqmwSmM0kCzFrM86hjK:ko1kVXXfd/KiFqmMM0ke//
AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext