General
Target: New Prices List.zip
Size: 1.3MB
Sample: 230327-wrbqbsgf8w
MD5: 1fd4bd709ba9d02f7bbbdd82fed2e27c
SHA1: 3486cf4591c6a599dea1bd26c0ab0ad50ffd38b9
SHA256: fb8ae13e0e48f69f3a6969fc39a698440810f1a73fbdb0e4577bca6751785b91
SHA512: 250484fb16456946adc858431e9bdb9e7fb4b707f2d5ecb1872d500212250433937ce53c03e2edea99b8f56c13b19d3e20294a58df79092e35f6f0322679326d
SSDEEP: 24576:iTz7+4zyekQ0WD5c75vo3VzLVc6MaKQb3pO5DQ6dv9GjjEHAmFg+admr4LsNkG:i7dGWPFm6hb3Y50631go54LsSG
Static task: static1
Behavioral task: behavioral1
Sample: New Prices List.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: New Prices List.exe
Resource: win10v2004-20230221-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: cp5ua.hyperhost.ua
Port: 587
Username: useronelog@gthltd.buzz
Password: 7213575aceACE@#
Email To: userone@gthltd.buzz
Extracted
Protocol: smtp
Host: cp5ua.hyperhost.ua
Port: 587
Username: useronelog@gthltd.buzz
Password: 7213575aceACE@#
Targets
Target: New Prices List.exe
Size: 2.9MB
MD5: fabd248daf033e67ec097ee81f98057f
SHA1: eaaaa082a9d289615ad60b4b543ea8e8f4503d53
SHA256: f85bdfda6812ecae4d1d46e8b4ebcc0bc2103df87b70a8cdee360b5c94e3c88f
SHA512: ea6f903074771e35183452f5f20a46646f21741eb80ed16a51f98933be824faa8a5ad2c5c0b239d419d808d1b5f5657d15261040e8094deca3ebe55d0d592474
SSDEEP: 49152:XHlztB1GwNn54R2NVNnfQ8FoBXv/uomC+rDiPRU7XJnsj+A:Xl5DzMRS
- AgentTesla
  Agent Tesla is a .NET-based information stealer and remote access tool (RAT). It harvests saved credentials, keystrokes and clipboard contents and, as the extracted config for this sample shows, exfiltrates them over SMTP (here to cp5ua.hyperhost.ua:587 with a hard-coded mailbox login).
- Checks computer location settings
  Looks up the country code configured in the registry, most likely a geofence check to avoid running in certain regions.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext
  Changing the context of a thread in another process is a characteristic step of process hollowing and related code-injection techniques.
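The report above leaves two things for the analyst to do by hand: the extracted SMTP config is flattened across lines, and the hashes are only useful once they are compared against something. The following added example (not part of the sandbox report, and not Agent Tesla or sandbox code) rebuilds the flattened config into a typed exfiltration IOC, hashes a blob against the report's listed file hashes, and flags matching destinations in connection logs. The function and class names (parse_flat_config, ExfilIOC, flag_smtp_exfil) are this example's own, and the flow log lines in SAMPLE_FLOWS are constructed for illustration, not taken from the sandbox run.

```python
"""Turn the flattened AgentTesla sandbox report into machine-checkable IOCs.

Added example; RAW_CONFIG is the report's SMTP block as extracted, the hashes
are those listed in the report, and SAMPLE_FLOWS is constructed test data.
"""
from __future__ import annotations

import hashlib
import re
from dataclasses import dataclass
from typing import Optional

# The "Extracted" SMTP block exactly as the report's extraction flattened it
# (line breaks after keys, "-" separators glued onto the preceding value).
RAW_CONFIG = """Protocol: smtp- Host:
cp5ua.hyperhost.ua - Port:
587 - Username:
useronelog@gthltd.buzz - Password:
7213575aceACE@# - Email To:
userone@gthltd.buzz"""

# File hashes as listed in the report's General and Targets sections.
REPORT_HASHES = {
    "New Prices List.zip": {
        "md5": "1fd4bd709ba9d02f7bbbdd82fed2e27c",
        "sha1": "3486cf4591c6a599dea1bd26c0ab0ad50ffd38b9",
        "sha256": "fb8ae13e0e48f69f3a6969fc39a698440810f1a73fbdb0e4577bca6751785b91",
    },
    "New Prices List.exe": {
        "md5": "fabd248daf033e67ec097ee81f98057f",
        "sha1": "eaaaa082a9d289615ad60b4b543ea8e8f4503d53",
        "sha256": "f85bdfda6812ecae4d1d46e8b4ebcc0bc2103df87b70a8cdee360b5c94e3c88f",
    },
}

# A key is one or more capitalised words followed by ":"; the extractor may
# have put whitespace and a stray "-" in front of it.
_KEY_RE = re.compile(r"\s*-?\s*([A-Z][a-z]*(?: [A-Z][a-z]*)*):\s*")


def parse_flat_config(text: str) -> dict[str, str]:
    """Rebuild {key: value} from text whose line breaks fell after the keys
    and whose '-' separators were glued onto values (e.g. 'smtp- Host:')."""
    flat = " ".join(text.split())        # collapse the stray line breaks
    parts = _KEY_RE.split(flat)          # ['', key1, val1, key2, val2, ...]
    keys, values = parts[1::2], parts[2::2]
    return {k: v.strip() for k, v in zip(keys, values)}


@dataclass(frozen=True)
class ExfilIOC:
    protocol: str
    host: str
    port: int
    username: str
    email_to: Optional[str]    # absent in the report's second extraction


def config_to_ioc(cfg: dict[str, str]) -> ExfilIOC:
    """Typed IOC record. The mailbox password is deliberately left out:
    it belongs in the case file, not in detection content."""
    return ExfilIOC(
        protocol=cfg["Protocol"].lower(),
        host=cfg["Host"].lower(),
        port=int(cfg["Port"]),
        username=cfg["Username"],
        email_to=cfg.get("Email To"),
    )


def hash_bytes(data: bytes) -> dict[str, str]:
    """All four digests the report lists, keyed by algorithm name."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def match_report_hashes(data: bytes, report=REPORT_HASHES) -> list[str]:
    """Names of report artifacts whose listed hashes match `data` on any algorithm."""
    digests = hash_bytes(data)
    return [name for name, hashes in report.items()
            if any(digests[alg] == val.lower() for alg, val in hashes.items())]


# Constructed flow log lines, "<timestamp> <src> <dst> <dport>"; not from the sandbox.
SAMPLE_FLOWS = [
    "2023-03-27T10:01:02Z 10.0.0.5 mail.example.org 587",
    "2023-03-27T10:01:09Z 10.0.0.5 cp5ua.hyperhost.ua 587",
    "2023-03-27T10:01:15Z 10.0.0.5 cp5ua.hyperhost.ua 443",
]


def flag_smtp_exfil(lines: list[str], ioc: ExfilIOC) -> list[str]:
    """Return the flow lines whose destination host and port match the IOC."""
    hits = []
    for line in lines:
        try:
            _ts, _src, dst, dport = line.split()
        except ValueError:
            continue                     # malformed line, skip it
        if dst.lower() == ioc.host and dport.isdigit() and int(dport) == ioc.port:
            hits.append(line)
    return hits


if __name__ == "__main__":
    ioc = config_to_ioc(parse_flat_config(RAW_CONFIG))
    print(ioc)
    for hit in flag_smtp_exfil(SAMPLE_FLOWS, ioc):
        print("exfil candidate:", hit)
```

Matching on host and port only (not the SMTP credentials) keeps the detection usable even after the operator rotates the mailbox password; the second extraction in the report, which lacks the Email To field, parses to the same record with email_to left unset.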