General
- Target: f_02068a.zip
- Size: 1.0MB
- Sample: 230327-vnq56sed82
- MD5: 0c1481b6d67fcb5dbac87d1e2bf8fff3
- SHA1: a65c324fcec636c86e795fe9fdaed24785248238
- SHA256: b8ffe1bb8772c2dba20b24370c95564a8bae6449ec1efa847a74c2a7a0bb9d83
- SHA512: 816743a5e441916052117e7e5784019f254774284b328bb0e62f2f2fb127b19e265d2c399b9de92cc545b7838f4d74eff7a5195d69971c6b088493b3c14d1279
- SSDEEP: 24576:pr9uKQuXbmtumNmmStGRwo1FAKhCGnA+Xwz1sEu8iG2LvFrgpuixIK:pr9uKQKbEx4tEt1FAQz7LujIK
Static task: static1
Behavioral task: behavioral1
- Sample: Payment Advice_PDF.scr
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: Payment Advice_PDF.scr
- Resource: win10v2004-20230220-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.yandex.com
- Port: 587
- Username: baitunniniola@yandex.com
- Password: skckiglxqgwrfpxh
- Email To: baitunniniola@yandex.com
Targets
- Target: Payment Advice_PDF.scr
- Size: 2.4MB
- MD5: 5d5a06166ce1d99636634c4016618c01
- SHA1: 8102c713286ace56d07914cc6164e27412d2d17d
- SHA256: 09da622ef3e5d5a12d5b51075e06a1ed054ac21d37eadb07cd901366150895a7
- SHA512: 3732f1d8fe6ad4b25639799c21f9d590ebbfbae7d648db99d1e3f21f752a7e0f3db11c0217d29ffb745ed814100f435bed879a9db8b2a1ebf2a12213b4575ec9
- SSDEEP: 49152:6T2UxXSau0WZL41of2iBUQQ/xD6WWdru:ff2bQQ/xD6W
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext