General
- Target: REQUEST FOR MV SEAVEN LUCK OUR REF SLU15022_pdf .exe
- Size: 20KB
- Sample: 221129-n4v1qsae5z
- MD5: fe4ef1db322b674f6bbeb7bb68b6c5f4
- SHA1: 95330720af90df5d0768b3d28e804ff7999b8910
- SHA256: 2f9266e9ef0e05e89a58217aaaaa8a35b24d5f7ba1f2d7234a91c2de05b92d95
- SHA512: 0d5560906383271656bae66f902fcea623bc043ec8ee76f11e85a2a3a27c4cdcc05980673309d30672db45f20505df9e705d242e5eb17334736e65e719db647e
- SSDEEP: 384:jMRig/4CLG89ktwqrz++6zi5irLUqs7uLptYcFmVc03K:hW59ktfz++6zOvluVtYcFmVc6K

Static task
- static1

Behavioral task
- behavioral1
  - Sample: REQUEST FOR MV SEAVEN LUCK OUR REF SLU15022_pdf .exe
  - Resource: win7-20221111-en

Behavioral task
- behavioral2
  - Sample: REQUEST FOR MV SEAVEN LUCK OUR REF SLU15022_pdf .exe
  - Resource: win10v2004-20220812-en

Malware Config
Extracted
- Family: agenttesla
- URL: https://api.telegram.org/bot5642205413:AAEVTUG9BJlGqe2WGFdx0ocZKR20YKKT3q8/

Targets
- Target: REQUEST FOR MV SEAVEN LUCK OUR REF SLU15022_pdf .exe
  - Size: 20KB
  - MD5: fe4ef1db322b674f6bbeb7bb68b6c5f4
  - SHA1: 95330720af90df5d0768b3d28e804ff7999b8910
  - SHA256: 2f9266e9ef0e05e89a58217aaaaa8a35b24d5f7ba1f2d7234a91c2de05b92d95
  - SHA512: 0d5560906383271656bae66f902fcea623bc043ec8ee76f11e85a2a3a27c4cdcc05980673309d30672db45f20505df9e705d242e5eb17334736e65e719db647e
  - SSDEEP: 384:jMRig/4CLG89ktwqrz++6zi5irLUqs7uLptYcFmVc03K:hW59ktfz++6zOvluVtYcFmVc6K
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext