General
- Target: PI.exe
- Size: 907KB
- Sample: 230328-v1eb5sdh21
- MD5: d9e811c5106c17f981dbd332430be485
- SHA1: 7a2e5eb9581a3c624c4557c98704231ef05e2b6a
- SHA256: b2ce7ceab077d4acc80f9af0b23024ded5c8c52512ba8e5165fe7319cd4a5f6c
- SHA512: c3660e432f870cbc0b0abdfbb20291541bdb24fcb3ea0ca1a9528594523f02a6a17fdf0f027dbf0dfda037004945ea55175dbf97a39472dda0922133f1048b74
- SSDEEP: 12288:UmCXKdJVZz5dacFOqX+xo+cp9iyRPxQGsGzIsy3UdixuI7rso7suKHHo2oocDlic:UmrVZ9Ua5/pkuxQxGYHuI7rsssXHsB
Static task: static1
Behavioral task: behavioral1
- Sample: PI.exe
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: PI.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.rapidcheckng.com
- Port: 587
- Username: rapidcheck@rapidcheckng.com
- Password: @Rapidcheckng#
- Email To: ebukafale2@gmail.com
Targets
- Target: PI.exe (907KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext