General

Target: SecuriteInfo.com.Win32.PWSX-gen.1520.18940.exe
Size: 837KB
Sample: 221206-d4skhacc7z
MD5: e666703d6c7b837f913c6ed5eab6b1c0
SHA1: d7b50f4057a56fc66f8e84a857ff59657add1929
SHA256: a88ee1a9027be5f82df034c1367c54c7b3d925eb17802a77badfe8423fc54f83
SHA512: 2f1ce0770a5264a0214433aa53e972fb428f80407a85ae3482bb14c3cfd302c72b498168921d1fa975d710fd140cc8db3611e71eee623f6dfeba2e92ecd00c3d
SSDEEP: 12288:fckVTTbvAFniZJ2pys3SniLMe9scSgxxHgB3ZG+11rjmahgKZ/nXt7virmWhlGLB:U2IG2pysVCcSyxHgBpG+1n
Static task: static1

Behavioral task: behavioral1
  Sample: SecuriteInfo.com.Win32.PWSX-gen.1520.18940.exe
  Resource: win7-20220812-en

Behavioral task: behavioral2
  Sample: SecuriteInfo.com.Win32.PWSX-gen.1520.18940.exe
  Resource: win10v2004-20220901-en
Malware Config

Extracted
  Protocol: smtp
  Host: smtp.fixtech.gq
  Port: 587
  Username: [email protected]
  Password: infinity147

Extracted (agenttesla)
  Protocol: smtp
  Host: smtp.fixtech.gq
  Port: 587
  Username: [email protected]
  Password: infinity147
  Email To: [email protected]
Targets

Target: SecuriteInfo.com.Win32.PWSX-gen.1520.18940.exe
Size: 837KB
MD5: e666703d6c7b837f913c6ed5eab6b1c0
SHA1: d7b50f4057a56fc66f8e84a857ff59657add1929
SHA256: a88ee1a9027be5f82df034c1367c54c7b3d925eb17802a77badfe8423fc54f83
SHA512: 2f1ce0770a5264a0214433aa53e972fb428f80407a85ae3482bb14c3cfd302c72b498168921d1fa975d710fd140cc8db3611e71eee623f6dfeba2e92ecd00c3d
SSDEEP: 12288:fckVTTbvAFniZJ2pys3SniLMe9scSgxxHgB3ZG+11rjmahgKZ/nXt7virmWhlGLB:U2IG2pysVCcSyxHgBpG+1n

- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext