General
-
Target
REMITTANCE COPY.exe
-
Size
846KB
-
Sample
221129-17sq1acg39
-
MD5
e54ca4f235a6878e6c4913b4ddcba055
-
SHA1
b91ce873b8a93b46ebac12b5d1e62f3a1a9dd27f
-
SHA256
6acfd9ea1b88077926a542fd286da3119b626792f71b09927ca252236245d43a
-
SHA512
989091a3525ea3e57554530dab20d934e146caadb4b67a01b612f132758cb5b040529063b3d0eaa3abd782b04b6c11b7ea51a53330160b3cb75bc313201d49da
-
SSDEEP
12288:5RfBQNcgqo2Fr5cE8LHWt/SEdRMA/LyVu6gtY1OaQ3vf8aCmlSVB8Xbc20/HIPPB:r+qopvLC9/L1t+xQFCmQPxHInQ
Static task
static1
Behavioral task
behavioral1
Sample
REMITTANCE COPY.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
REMITTANCE COPY.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.orogenicgroup-bd.com
Port: 587
Username: amir.hossain@orogenicgroup-bd.com
Password: Hossain$3400
Email To: info@ledcenter.by
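The extracted config gives everything needed to hunt for this sample's exfiltration on the wire: the mail server and submission port it connects to, the stolen sender account and the operator's drop inbox. The following is an added example, not part of the sandbox report, that matches those indicators against constructed firewall and mail-gateway log lines; the two log formats, the host names and the timestamps are assumptions made for the example.

```python
"""Match the SMTP exfiltration config extracted from this sample against log lines."""
import re
from dataclasses import dataclass

# Indicators taken from the Malware Config section of this report.
EXFIL_HOST = "mail.orogenicgroup-bd.com"
EXFIL_PORT = 587
EXFIL_SENDER = "amir.hossain@orogenicgroup-bd.com"
EXFIL_RECIPIENT = "info@ledcenter.by"

# Hypothetical firewall log line: "<ts> <src_ip>:<sport> -> <dst>:<dport> <proto>"
FW_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>[\d.]+):\d+\s+->\s+(?P<dst>[^:\s]+):(?P<dport>\d+)\s+(?P<proto>\w+)"
)
# Hypothetical mail-gateway log line: "<ts> <client> MAIL FROM:<a> RCPT TO:<b>"
MAIL_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+MAIL FROM:<(?P<sender>[^>]*)>\s+RCPT TO:<(?P<rcpt>[^>]*)>"
)


@dataclass
class Hit:
    ts: str
    source: str
    reason: str


def scan_firewall(lines):
    """Flag sessions to the exfil host on the submission port named in the config."""
    hits = []
    for line in lines:
        m = FW_RE.match(line)
        if not m:
            continue  # lines that do not follow the assumed format are skipped
        if m["dst"].lower() == EXFIL_HOST and int(m["dport"]) == EXFIL_PORT:
            hits.append(Hit(m["ts"], m["src"], f"connection to {EXFIL_HOST}:{EXFIL_PORT}"))
    return hits


def scan_mail(lines):
    """Flag SMTP envelopes using the stolen sender account or the operator's inbox."""
    hits = []
    for line in lines:
        m = MAIL_RE.match(line)
        if not m:
            continue
        sender, rcpt = m["sender"].lower(), m["rcpt"].lower()
        if sender == EXFIL_SENDER or rcpt == EXFIL_RECIPIENT:
            hits.append(Hit(m["ts"], m["client"], f"envelope {sender} -> {rcpt}"))
    return hits


# Constructed sample logs (not real traffic); only the first line of each set should match.
FW_SAMPLE = [
    "2022-11-29T10:02:11Z 10.0.0.5:49812 -> mail.orogenicgroup-bd.com:587 tcp",
    "2022-11-29T10:02:12Z 10.0.0.7:49813 -> smtp.office365.com:587 tcp",
    "2022-11-29T10:02:13Z 10.0.0.5:49814 -> 203.0.113.10:443 tcp",
    "malformed line that should be ignored",
]
MAIL_SAMPLE = [
    "2022-11-29T10:02:14Z WS-FINANCE-01 MAIL FROM:<amir.hossain@orogenicgroup-bd.com> RCPT TO:<info@ledcenter.by>",
    "2022-11-29T10:05:00Z WS-FINANCE-02 MAIL FROM:<alice@example.com> RCPT TO:<bob@example.com>",
]

if __name__ == "__main__":
    for hit in scan_firewall(FW_SAMPLE) + scan_mail(MAIL_SAMPLE):
        print(f"{hit.ts} {hit.source}: {hit.reason}")
```

Port 587 by itself is not an indicator, since every legitimate mail client submits on it; the match has to be on the specific server, and on the mail side on the specific account, because the sender mailbox is a legitimate (compromised) account rather than attacker infrastructure. The recipient address is the more stable indicator of the two: the operator can rotate stolen sender accounts without changing where the loot is delivered.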
Targets
-
Target
REMITTANCE COPY.exe
-
Size
846KB
-
MD5
e54ca4f235a6878e6c4913b4ddcba055
-
SHA1
b91ce873b8a93b46ebac12b5d1e62f3a1a9dd27f
-
SHA256
6acfd9ea1b88077926a542fd286da3119b626792f71b09927ca252236245d43a
-
SHA512
989091a3525ea3e57554530dab20d934e146caadb4b67a01b612f132758cb5b040529063b3d0eaa3abd782b04b6c11b7ea51a53330160b3cb75bc313201d49da
-
SSDEEP
12288:5RfBQNcgqo2Fr5cE8LHWt/SEdRMA/LyVu6gtY1OaQ3vf8aCmlSVB8Xbc20/HIPPB:r+qopvLC9/L1t+xQFCmQPxHInQ
-
AgentTesla
Agent Tesla is a .NET remote access tool (RAT) and information stealer, originally written in Visual Basic. The extracted config shows this sample exfiltrates over SMTP.
-
Checks computer location settings
Looks up the country code configured in the registry, most likely a geofence check so the payload only runs (or refuses to run) in particular countries.
-
Accesses Microsoft Outlook profiles
Reads the registry locations where Outlook stores account settings, a common source of stored mail credentials for this family.
-
Adds Run key to start application
Writes a value under a Software\Microsoft\Windows\CurrentVersion\Run key so the payload is relaunched at logon.
-
Suspicious use of SetThreadContext
Setting another thread's context is the classic final step of process hollowing (RunPE) style injection, where the payload is mapped into a suspended process and its entry point redirected.
-
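Of the behaviours listed above, the Run key write is the one that leaves a clean trace in endpoint telemetry: Sysmon logs registry value writes as EventID 13. The following is an added example, not part of the sandbox report, that triages constructed Sysmon-style events for Run and RunOnce writes and rates a finding higher when the registered binary lives in a user-writable path. The event dictionaries, the %AppData% copy of the sample, the value name and the SID are assumptions made for the example; the report only states that a Run key is added, not where the sample copies itself.

```python
"""Flag Run-key persistence writes in Sysmon registry events."""
import re

# ...\CurrentVersion\Run and RunOnce are processed at logon; any SetValue there is persistence.
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
# Paths a standard user can write to; a freshly dropped copy of the loader usually lives here.
USER_WRITABLE_RE = re.compile(
    r"\\Users\\[^\\]+\\AppData\\|\\Users\\Public\\|\\ProgramData\\|\\Temp\\", re.IGNORECASE
)


def is_run_key_write(event):
    """True for a Sysmon EventID 13 (RegistryEvent SetValue) that targets a Run/RunOnce value."""
    return event.get("EventID") == 13 and bool(RUN_KEY_RE.search(event.get("TargetObject", "")))


def triage_run_key_events(events):
    """Return one finding per Run-key write, rated by where the registered binary lives."""
    findings = []
    for ev in events:
        if not is_run_key_write(ev):
            continue
        details = ev.get("Details", "")  # for a REG_SZ value Sysmon puts the string here
        severity = "high" if USER_WRITABLE_RE.search(details) else "low"
        findings.append({
            "time": ev.get("UtcTime"),
            "writer": ev.get("Image"),
            "value": ev.get("TargetObject"),
            "command": details,
            "severity": severity,
        })
    return findings


# Constructed Sysmon-style events (not real telemetry). The first is modelled on the
# "Adds Run key" behaviour: a copy under %AppData% registered in HKU\...\Run by the
# dropped executable itself. Path, value name and SID are assumptions.
SAMPLE_EVENTS = [
    {
        "EventID": 13, "UtcTime": "2022-11-29 10:01:58.102",
        "Image": r"C:\Users\admin\AppData\Roaming\REMITTANCE COPY.exe",
        "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\REMITTANCE COPY",
        "Details": r"C:\Users\admin\AppData\Roaming\REMITTANCE COPY.exe",
    },
    {
        "EventID": 13, "UtcTime": "2022-11-29 09:30:00.000",
        "Image": r"C:\Windows\System32\msiexec.exe",
        "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SecurityHealth",
        "Details": r"C:\Windows\System32\SecurityHealthSystray.exe",
    },
    {
        "EventID": 1, "UtcTime": "2022-11-29 10:01:50.000",
        "Image": r"C:\Users\admin\Downloads\REMITTANCE COPY.exe",
    },
]

if __name__ == "__main__":
    for f in triage_run_key_events(SAMPLE_EVENTS):
        print(f"[{f['severity']}] {f['time']} {f['writer']} -> {f['value']} = {f['command']}")
```

Sysmon records registry value creation, deletion, renaming and writes, but not reads, so the geofence lookup and the Outlook profile access above do not produce events this way; they are only visible in a sandbox or with an API-level hook. The Run key write is the durable artefact, and the "high" rating keys on the registered path rather than on the writer's name because the dropped file can be called anything.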