General
Target: FedExInvoiceDetailsDec.exe
Size: 904KB
Sample: 221207-n2wt9ahb5s
MD5: 68a8baf4c81bc06fc0d7218f136ceca2
SHA1: b327c03d081a642b1611986cf4d3b5056333d18b
SHA256: eaf9f04e7b89ff0fd3fa3ab826230ffc410762cb6485c252d6682cd4d7630343
SHA512: 6e513893daa1531bd0644f558ba51f4a230055d20350e2a1332489eba978fd7af59772c141a57846c86cd7ceb8f2e24c6229d9b598498203638813adb44a7106
SSDEEP: 12288:9SoQgKZ/nXt7virmWhlGLaQYIEjmaP8LspX7/dRzI3Nsl3pSQgWnxwt+T3OigMOD:9fKspDRpo7WnSs9D64Iho
Static task: static1
Behavioral task: behavioral1
  Sample: FedExInvoiceDetailsDec.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: FedExInvoiceDetailsDec.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted: agenttesla
https://api.telegram.org/bot5702698141:AAH3zArxBJTzE6y3KAwr-22tBuWNisJ3iEg/
Targets
Target: FedExInvoiceDetailsDec.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext