General
-
Target
nTransportLabel_1009893562_pdf.cab
-
Size
710KB
-
Sample
230328-nnvd9saf89
-
MD5
87c080f7ea89e39bde1fd8459c108db9
-
SHA1
286c1ad277a337938d6b962d036969eeafe449e6
-
SHA256
e4e5b97c49617da6eb6690b87f2a2975b4c76915aa7c930dec4d059fe5cd5648
-
SHA512
c2205cdd32841599827582b598ae6a6ba6021791d62b52a2ab1fef97d62eeb103c908433761103efb8639989384f054447c73d90aacdc02429129f434e52594d
-
SSDEEP
12288:jC8feHMGMwFWSkc01b6nxJb3j0AUO43b54O9z1WLjM8fwqOVhhUjoNmOuOkyE5py:2YoMhwlEbaJr4PO43b53z1bjqOXWjWNR
Static task
static1
Behavioral task
behavioral1
Sample
TransportLabel_1009893562_pdf.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
TransportLabel_1009893562_pdf.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.valtronics-ae.com - Port:
587 - Username:
eby@valtronics-ae.com - Password:
YTMIlIR0 - Email To:
eby@valtronics-ae.com
Targets
-
-
Target
TransportLabel_1009893562_pdf.exe
-
Size
790KB
-
MD5
5ea10085db645a0c943cae3e079c1365
-
SHA1
39477e60fe3a1a0365e36e82988f61aa858b928e
-
SHA256
743e9ab3afececaddd02c6402d7099f7e5c19f54799225f396c6808da207e78a
-
SHA512
241a79d8e137de843c3f053723ac34bc19f6ac4c37060c97f8b9dabb9c75f764330472eae8536dc922179f111ea5070bddfcd98cb8a9047821fcb233b5fac976
-
SSDEEP
24576:EcVZ9QGb2Zz4Ps43botB1bBqIwW3ZNC4Mj:33uOlopbQgpg
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-