General
- Target: Payment Advice.ARJ
- Size: 20KB
- Sample: 230206-vf5zcsac2s
- MD5: e329dc7926c7516dbc968ddefe67ee0c
- SHA1: a3045747e595fae86520057d00589dbabd0db089
- SHA256: 88545da29ed38b49b6e156130f465ba449a0cfcd0650a4c15f9764cb7d540472
- SHA512: 73cb9fd6437e7ada5c95f16d663b48fbdf0e631d2652d590698016932440e70be0e40b017b2b614230378b7407146ed887a71d615ae8d55566efce8d7ccc348d
- SSDEEP: 384:tdZrTmw1aVACIFejZu4Rjj5ikActuTJslcTRd4t7PfzgiBUpxqT:VuA5e1u41j5iiuNslcTRd4JKqT
Static task: static1
Behavioral task: behavioral1
- Sample: Payment Advice.exe
- Resource: win7-20221111-en
Behavioral task: behavioral2
- Sample: Payment Advice.exe
- Resource: win10v2004-20221111-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.wasstech.com
- Port: 587
- Username: sahar.nassif@wasstech.com
- Password: payment 12345
- Email To: sahar.nassif@wasstech.com
Targets
- Target: Payment Advice.exe
- Size: 64KB
- MD5: b6eb7b4e594a56b4863355c9a7f86b53
- SHA1: 117f098e05ef647da17ea4182b77f99efd7b1b94
- SHA256: 6293bc321e0d935cb697ff2d091446f6ff17b604c8720fe525f0ef3c38de8dbe
- SHA512: 463248fab99aff86929190ce4e7197ccfd59a65e5fbe8c85236e12825a8851c9479c394bf6fc403aab36632607109a12d065451c662138b7b32a237c9a50511a
- SSDEEP: 768:0AOAg9DjP3i6zmz4e2XX/40LO6dusn04ep:ZON9DjP3iC+Ja/40ymuL3p
Signatures
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext