General
Target: $485k remittance slip.rar
Size: 879KB
Sample: 221208-mhzlcshf67
MD5: a844cfd042b9b30bd52a2795e4ceb30c
SHA1: 3a9711e63b3468749bc6adcf632d52efb163a961
SHA256: 0ee279e0e6e76921c471ad654a98da79a37e2a86bab7e4aa1d1ad0b7dd9a3575
SHA512: dc682ae5a1c15666cd711e1a695250a1bb8782d9be42283deef0befb2742b53180d882f086940b20f10dc9c676b8bc3e06d3989fe6fd6c25354e5059edc0b5db
SSDEEP: 24576:tUIrrtq/dUKnEV4TxjRhbw8rPxlxtYg6wQZL7Hy:tUcrtcUwxjRRrPxNN67S
Static task: static1
Behavioral task: behavioral1
  Sample: $485k remittance slip.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: $485k remittance slip.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.orogenicgroup-bd.com
Port: 587
Username: amir.hossain@orogenicgroup-bd.com
Password: Hossain$3400
Email To: info@ledcenter.by
Targets
Target: $485k remittance slip.exe
Size: 1.1MB
MD5: 3c976b96890b9903905f40702489b71a
SHA1: ff948eac984a40c3069be57f9d5a8b76fa284882
SHA256: b756572a86b657edc9aed56e465bc36cfe13ee5f4518fd023351ad7f27376aff
SHA512: 775754424396633e4ba0032df53b13ba160d0f37431819a0c7723b0bd0fe48e3b92ca81e97436b37c867da8c4a4effb556a72778e5f6910aeb012febce399f81
SSDEEP: 24576:p5Q/cf1Ri6uXRIbtXacADVg9JQGF+r4lDxwg5+RRSWhsmA:qcfC6nldIVAWs7eoAsmA
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext