General
Target: Payment Transfer.rar
Size: 641KB
Sample: 221128-nyg7pafe6w
MD5: f1f5eb3c650e0949e5f3061f3f731521
SHA1: ca044d17dd588495188316f54dfbec7afd3a37af
SHA256: 3e81f3f5c0ec036c7acfa135644e604361f0f3996d90d338828957d9041d48b9
SHA512: 92384093834ed46f31a8c7102c1a734583cc0ea565c4e8379af801fbe17f3277c5f3ae7b93a4ad5d40d3635e9240cce5a3c010ec5ea0e27d92ab9cf256529c96
SSDEEP: 12288:8ilW/wbA8qPnLdzF+6D3j9o9Yi6Y5bJ8i4RrgSPvCitGA/:8OW/MGLd5/g+Y5bJ+RgsJv/
Static task: static1
Behavioral task: behavioral1
Sample: 2211.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: 2211.exe
Resource: win10v2004-20220812-en
Malware Config
Targets
Target: 2211.exe
Size: 653KB
MD5: aeb1becc0f251e643e27c95d2fa1d91b
SHA1: f14bbc296f1da0a6e11993286871f2e9bacff72c
SHA256: 8cdd2376c22a3f37faafe3a39f3730b7c03c9e641b729607ca2b083abbc3f05e
SHA512: 0f2f2d370b257796b73f227adb055bfdd57621f34198cfabf66eef1dee43c5904263f32a7ce699ef716709dd3119b46639726e571e495533f15a2e8c403c9dec
SSDEEP: 12288:ggF5Mgmsq8We1+CGGpKw65AHm9RCBT3g5AnttzyrMNkaM8:ggF5asqb+BFV2RKT/ntMMKaM8
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext