General
-
Target
SecuriteInfo.com.Win32.PWSX-gen.3625.3458.exe
-
Size
983KB
-
Sample
221206-e3netshd92
-
MD5
f6d16703c2aa498d1c7e5bc782f4eb9d
-
SHA1
13438d12766b5d1f3395fa5bbf7e92d1f340c7d2
-
SHA256
861f887932a3774522e3e4a054feeb7831039818d84083bcf7a6725ed48aa656
-
SHA512
550ac465155a3823b6d02e95a20673e24b935f1e9ba61fce724770692eb36086e5c801ac487bdc8608df95b00c74a193dc6232850d46664b78a4bc5cf60e8a21
-
SSDEEP
24576:HIkrAUkvkoLFcABAUn/vfgC+Cw0byHSXJcr0o6qure:HIkEpsoLFciAUn/z+Cw0b2SXmF6W
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Win32.PWSX-gen.3625.3458.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Win32.PWSX-gen.3625.3458.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.symmdentaesthetics.com/ - Port:
21 - Username:
[email protected]/ - Password:
smartooo@12
Protocol: ftp- Host:
ftp://ftp.symmdentaesthetics.com/ - Port:
21 - Username:
[email protected]/ - Password:
smartooo@12
Targets
-
-
Target
SecuriteInfo.com.Win32.PWSX-gen.3625.3458.exe
-
Size
983KB
-
MD5
f6d16703c2aa498d1c7e5bc782f4eb9d
-
SHA1
13438d12766b5d1f3395fa5bbf7e92d1f340c7d2
-
SHA256
861f887932a3774522e3e4a054feeb7831039818d84083bcf7a6725ed48aa656
-
SHA512
550ac465155a3823b6d02e95a20673e24b935f1e9ba61fce724770692eb36086e5c801ac487bdc8608df95b00c74a193dc6232850d46664b78a4bc5cf60e8a21
-
SSDEEP
24576:HIkrAUkvkoLFcABAUn/vfgC+Cw0byHSXJcr0o6qure:HIkEpsoLFciAUn/z+Cw0b2SXmF6W
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-