General
Target: Balance remittance advice.exe
Size: 1.1MB
Sample: 221206-g2l7gsee3t
MD5: d19b22df7eb03f1be9f2359742386587
SHA1: d32947941833558ec0d5d1b2e83ca853b9500363
SHA256: ae91d68a41e56272d651d94ac67588c7c7fd558b766af81036d141068c560587
SHA512: ace1c4e3c2f4643b30c2478787a575e1714bb068374da3a2e316e110b3243bbb9e1294edb2aa3527d91623c0d4841d076030ea4e0a1d73aab7df3d603f5e5918
SSDEEP: 24576:V+D7sqlKxlJ7I6Et48rQA1oaZOCOJ9PL7pRbH25Ykuw+mi:QD7sdToCrkOCOJtL7pRbH21Ji
Static task: static1
Behavioral task: behavioral1
  Sample: Balance remittance advice.exe
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: Balance remittance advice.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.siliconsafepack.com
Port: 587
Username: [email protected]
Password: mQqt$sHJba83
Email To: [email protected]
Targets
Target: Balance remittance advice.exe
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Accesses Microsoft Outlook profiles
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext