General
- Target: statement of account.exe
- Size: 759KB
- Sample: 221129-radq5shf3x
- MD5: 808f76963a9f42ad7310a3b7d65c7983
- SHA1: f748a841b2ec35bc40ed0bacbe953c28bc11a8a6
- SHA256: 9f04b0b059e331845f8c3f9f4f83c785b07766529bb24dbbfb02fbab9e414938
- SHA512: 33681149a92fa03e80ed0e1c38dac6672785dd058d40b74daa75f649d8b7b78b315755fe81854919579a4fd9c1043aa52bcc5a46a3ccc954c1e6d3c16ea9a5cb
- SSDEEP: 12288:nKdsyGFr5cE8LHW4RelEpb8bOmsX4K1hOCcTVURwq05Sgk2/SEdRMA/LyzIPPPu:6ZvLrRGWb8OH1hO1UH0A49/LkInstA
Static task
- static1
Behavioral task
- behavioral1
  - Sample: statement of account.exe
  - Resource: win7-20220812-en
Behavioral task
- behavioral2
  - Sample: statement of account.exe
  - Resource: win10v2004-20220901-en
Malware Config
Extracted
- Protocol: smtp
- Host: mail.clipjoint.co.nz
- Port: 587
- Username: clipjoint@clipjoint.co.nz
- Password: melandloz64
Extracted
- Family: agenttesla
- Protocol: smtp
- Host: mail.clipjoint.co.nz
- Port: 587
- Username: clipjoint@clipjoint.co.nz
- Password: melandloz64
- Email To: geortiok4@gmail.com
Targets
- Target: statement of account.exe
- Size: 759KB
- MD5: 808f76963a9f42ad7310a3b7d65c7983
- SHA1: f748a841b2ec35bc40ed0bacbe953c28bc11a8a6
- SHA256: 9f04b0b059e331845f8c3f9f4f83c785b07766529bb24dbbfb02fbab9e414938
- SHA512: 33681149a92fa03e80ed0e1c38dac6672785dd058d40b74daa75f649d8b7b78b315755fe81854919579a4fd9c1043aa52bcc5a46a3ccc954c1e6d3c16ea9a5cb
- SSDEEP: 12288:nKdsyGFr5cE8LHW4RelEpb8bOmsX4K1hOCcTVURwq05Sgk2/SEdRMA/LyzIPPPu:6ZvLrRGWb8OH1hO1UH0A49/LkInstA
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Drops file in Drivers directory
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext