General
-
Target
SecuriteInfo.com.Win32.PWSX-gen.543.5711.exe
-
Size
687KB
-
Sample
221128-ljrfpsda53
-
MD5
f1020345f5fa6e88c879f38d37345c6c
-
SHA1
f1e21bec1dda785e0ab91b7accc6c53d5725ee03
-
SHA256
e3f743fb706abf616add3cf15faa3ebcb36b14c400952afd37485176e71eaa32
-
SHA512
60494009008023fb2d82d375b52a5443b5efea3b7ba11dec313a2ecb93c582e8c4c1cc5bcbfd9564a054d40938034e94244700c354fab0ff5acfb464b27d9e00
-
SSDEEP
12288:w6cWpbKbfi7es4UKy0BOKAaJOTf5orAh9AUmbnXcRbVIURe+:w5EbK8e8KHsKAauWrAhezbnM/9
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Win32.PWSX-gen.543.5711.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Win32.PWSX-gen.543.5711.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.dana-world.com
Port: 587
Username: siva@dana-world.com
Password: communication$dongle&1132
Targets
-
-
Target
SecuriteInfo.com.Win32.PWSX-gen.543.5711.exe
-
Size
687KB
-
MD5
f1020345f5fa6e88c879f38d37345c6c
-
SHA1
f1e21bec1dda785e0ab91b7accc6c53d5725ee03
-
SHA256
e3f743fb706abf616add3cf15faa3ebcb36b14c400952afd37485176e71eaa32
-
SHA512
60494009008023fb2d82d375b52a5443b5efea3b7ba11dec313a2ecb93c582e8c4c1cc5bcbfd9564a054d40938034e94244700c354fab0ff5acfb464b27d9e00
-
SSDEEP
12288:w6cWpbKbfi7es4UKy0BOKAaJOTf5orAh9AUmbnXcRbVIURe+:w5EbK8e8KHsKAauWrAhezbnM/9
-
AgentTesla
Agent Tesla is a .NET-based information stealer and keylogger with remote access tool (RAT) features, originally written in Visual Basic .NET; it exfiltrates harvested credentials over SMTP, FTP or HTTP, which matches the SMTP mailbox configuration extracted above.
-
Accesses Microsoft Outlook profiles
Reads the Outlook profile settings where stored mail account credentials live, a standard credential-harvesting step for this family.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
Setting the context of a thread in another process is the classic way to redirect execution into injected code (process hollowing), so this call is a strong injection indicator.
-
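As an added example, not part of the sandbox report, the Python below parses the extracted SMTP configuration exactly as the report renders it (wrapped "Key: value - Key: value" lines), turns it into network indicators, and correlates a constructed outbound-connection log to flag hosts that both looked up their external IP and spoke SMTP to the configured mail server. The IP-lookup host list, the log format and the Suricata sid are assumptions; the config text itself is copied from this page.

```python
import re
from collections import defaultdict

# The extracted config exactly as the report renders it (line-wrapped, with
# "Key: value - Key: value" run together); copied from the page.
REPORT_CONFIG = """\
Protocol: smtp- Host:
mail.dana-world.com - Port:
587 - Username:
siva@dana-world.com - Password:
communication$dongle&1132"""

# Constructed outbound-connection log (ts src dst_host dst_port); not from the report.
SAMPLE_LOG = """\
2022-11-28T13:01:02Z 10.0.0.23 api.ipify.org 443
2022-11-28T13:01:05Z 10.0.0.23 mail.dana-world.com 587
2022-11-28T13:02:10Z 10.0.0.41 mail.example.com 587
2022-11-28T13:03:00Z 10.0.0.57 checkip.dyndns.org 80
2022-11-28T13:05:30Z 10.0.0.23 mail.dana-world.com 587
"""

# Assumption: public IP-lookup services commonly contacted by this family; the
# report only says "a legitimate IP lookup service", so extend this list as needed.
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "ipinfo.io", "icanhazip.com"}

# A field is "Word:" followed by a value that runs until the next " - Word:" (the
# report also emits "smtp- Host:" with no space before the dash) or end of text.
FIELD_RE = re.compile(r"(\w+):\s*(.*?)(?=\s*-\s*\w+:|$)", re.DOTALL)


def parse_config(text: str) -> dict:
    """Re-join the wrapped lines and split them into lower-cased key/value pairs."""
    flat = " ".join(line.strip() for line in text.splitlines())
    return {key.lower(): value.strip() for key, value in FIELD_RE.findall(flat)}


def build_indicators(cfg: dict) -> dict:
    """Network indicators worth hunting for: the exfil mail server and the mailbox."""
    return {"host": cfg["host"], "port": int(cfg["port"]), "username": cfg["username"]}


def scan_log(log_text: str, ioc: dict) -> dict:
    """Count, per source host, SMTP sessions to the C2 mailbox and IP-lookup requests."""
    hits = defaultdict(lambda: {"exfil": 0, "ip_lookup": 0})
    for line in log_text.splitlines():
        _ts, src, dst, port = line.split()
        if dst == ioc["host"] and int(port) == ioc["port"]:
            hits[src]["exfil"] += 1
        elif dst in IP_LOOKUP_HOSTS:
            hits[src]["ip_lookup"] += 1
    return dict(hits)


def triage(hits: dict) -> dict:
    """SMTP to the extracted server is the hard indicator; an IP lookup alone is weak."""
    confirmed = sorted(h for h, c in hits.items() if c["exfil"])
    weak = sorted(h for h, c in hits.items() if not c["exfil"] and c["ip_lookup"])
    return {"confirmed": confirmed, "weak": weak}


def suricata_dns_rule(ioc: dict, sid: int = 1000001) -> str:
    """DNS rule for the exfil host; the sid is an arbitrary local-range value (assumption)."""
    return (
        f'alert dns $HOME_NET any -> any any (msg:"AgentTesla SMTP exfil host {ioc["host"]}"; '
        f'dns.query; content:"{ioc["host"]}"; nocase; sid:{sid}; rev:1;)'
    )


if __name__ == "__main__":
    ioc = build_indicators(parse_config(REPORT_CONFIG))
    print(ioc)
    print(triage(scan_log(SAMPLE_LOG, ioc)))
    print(suricata_dns_rule(ioc))
```

The correlation deliberately treats an external-IP lookup on its own as weak evidence, since plenty of legitimate software does the same; it only raises confidence once a host is also seen talking to the extracted mail server on port 587. The mailbox credentials in the config are frequently a compromised legitimate account, so hunt on the host and username pair rather than blocking the domain alone.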