General
-
Target
nWaybillDoc_1009893562_pdf.cab
-
Size
710KB
-
Sample
230328-nnvp2aaf92
-
MD5
250b4943ffac0d4945b45cd6c626671b
-
SHA1
7af4b47c19a433a77c8060e928853464433cd3d6
-
SHA256
8f965c7d7ab601d34143a47252e43f98334701ef27e0255b5f4347bcc1480f78
-
SHA512
2322213e62d46cd87d51c793fbbda544b48e352ee36a2a7e88936dcf2798a297cdd147e7bfa60feec06f0fff79d33b66c64445123d829b3a67207fa1dbdca3ae
-
SSDEEP
12288:AC8feHMGMwFWSkc01b6nxJb3j0AUO43b54O9z1WLjM8fwqOVhhUjoNmOuOkyE5py:FYoMhwlEbaJr4PO43b53z1bjqOXWjWNR
Static task
static1
Behavioral task
behavioral1
Sample
WaybillDoc_1009893562_pdf.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
WaybillDoc_1009893562_pdf.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.valtronics-ae.com - Port:
587 - Username:
eby@valtronics-ae.com - Password:
YTMIlIR0 - Email To:
eby@valtronics-ae.com
Targets
-
-
Target
WaybillDoc_1009893562_pdf.exe
-
Size
790KB
-
MD5
5ea10085db645a0c943cae3e079c1365
-
SHA1
39477e60fe3a1a0365e36e82988f61aa858b928e
-
SHA256
743e9ab3afececaddd02c6402d7099f7e5c19f54799225f396c6808da207e78a
-
SHA512
241a79d8e137de843c3f053723ac34bc19f6ac4c37060c97f8b9dabb9c75f764330472eae8536dc922179f111ea5070bddfcd98cb8a9047821fcb233b5fac976
-
SSDEEP
24576:EcVZ9QGb2Zz4Ps43botB1bBqIwW3ZNC4Mj:33uOlopbQgpg
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-