General
- Target: PI.rar
- Size: 765KB
- Sample: 230328-v1emxacc23
- MD5: e2c4b9c6a90e9d93775706a91391021a
- SHA1: 20d221372b3d31448109a15da1dc4112d1bc49b2
- SHA256: 25093e6d7e4a3a4132d91a2bc489446cdbab96d66a27614524e0d7722d16a770
- SHA512: 52bf5792de7455beb60c7132768bbb2b317b793bf74959cbf20d31cbe3f036cc085eb8fcbeb91de4a09f5402eaf8c5158a989957ee55ae472259b0b41071f2ba
- SSDEEP: 12288:5F1Rzo4AVv+xaD3RMUtUazUnTO4qGA9FzhsR85FwTzNwSenRn8tKDfBuHdm8F:c4AVGxM3sSUjqGOFzmyg/SSaFBzBuHd3
Static task: static1
Behavioral task: behavioral1
- Sample: PI.exe
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: PI.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.rapidcheckng.com
- Port: 587
- Username: rapidcheck@rapidcheckng.com
- Password: @Rapidcheckng#
- Email To: ebukafale2@gmail.com
Targets
- Target: PI.exe
- Size: 907KB
- MD5: d9e811c5106c17f981dbd332430be485
- SHA1: 7a2e5eb9581a3c624c4557c98704231ef05e2b6a
- SHA256: b2ce7ceab077d4acc80f9af0b23024ded5c8c52512ba8e5165fe7319cd4a5f6c
- SHA512: c3660e432f870cbc0b0abdfbb20291541bdb24fcb3ea0ca1a9528594523f02a6a17fdf0f027dbf0dfda037004945ea55175dbf97a39472dda0922133f1048b74
- SSDEEP: 12288:UmCXKdJVZz5dacFOqX+xo+cp9iyRPxQGsGzIsy3UdixuI7rso7suKHHo2oocDlic:UmrVZ9Ua5/pkuxQxGYHuI7rsssXHsB
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext