General
-
Target
DETAILS AND INVOICE.exe
-
Size
1.9MB
-
Sample
230330-p2b1hscf78
-
MD5
d22ddd0b41c522e471a7df51c08de119
-
SHA1
614c7564049869d04795087cf6937d2c6c312451
-
SHA256
d104a9413ee081463431a8f5c4493b7a13f34309a99c8fae86a593f0dfbb42ad
-
SHA512
142afaae0027c6ab3a123e43296a54f8eef1c4d57df936b6176396b699cbd50e5a9f2b37b830e9785c106a3434f212f8be04469edea0618a20f42b7e97f8812a
-
SSDEEP
24576:pZUeJY2ny/v/LtGZsYjot0d68fKnPTEWuO7KOyOjZa9kfK7V8dhwXlMVUm8R835+:rH2rF/Lq6e
Static task
static1
Behavioral task
behavioral1
Sample
DETAILS AND INVOICE.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
DETAILS AND INVOICE.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.newblessint.top
Port: 587
Username: [email protected]
Password: K,j[5i~N4.iQ
Email To: [email protected]
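The report gives a responder two actionable indicator sets: the file digests in the General section, and the SMTP exfiltration channel (host and port) in the extracted configuration. The script below, an added example that is not part of the sandbox report, turns both into checks: it hashes a file with the same four algorithms the report lists and says which digests match, and it scans Zeek dns.log and conn.log for workstations that resolved the C2 mail host and then connected to it on port 587. The Zeek log lines are constructed for the example and carry only a subset of Zeek's real columns; the C2 IP 203.0.113.45 is an assumed documentation-range address, not one taken from the report.

```python
"""IOC checks derived from the sandbox report (added example, constructed logs)."""
import hashlib
from typing import Dict, Iterable, List, Set

# Indicators copied from the report.
SAMPLE_HASHES: Dict[str, str] = {
    "md5": "d22ddd0b41c522e471a7df51c08de119",
    "sha1": "614c7564049869d04795087cf6937d2c6c312451",
    "sha256": "d104a9413ee081463431a8f5c4493b7a13f34309a99c8fae86a593f0dfbb42ad",
}
C2_HOST = "mail.newblessint.top"   # SMTP host from the extracted config
C2_PORT = 587                      # SMTP submission port from the extracted config

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Return the four digests the report lists, for an in-memory blob."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGORITHMS}


def hash_file(path: str, chunk: int = 1 << 20) -> Dict[str, str]:
    """Hash a file on disk in chunks so a large dropper need not fit in memory."""
    hashers = {alg: hashlib.new(alg) for alg in ALGORITHMS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def matching_hashes(hashes: Dict[str, str], ioc: Dict[str, str] = SAMPLE_HASHES) -> List[str]:
    """Algorithms whose digest matches the report's indicator (empty list means no match)."""
    return sorted(alg for alg, digest in ioc.items() if hashes.get(alg, "").lower() == digest)


def parse_zeek_tsv(text: str) -> List[Dict[str, str]]:
    """Parse Zeek's TSV log format: '#fields' names the columns, other '#' lines are metadata."""
    fields = None
    rows: List[Dict[str, str]] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line.startswith("#"):
            continue
        else:
            if fields is None:
                raise ValueError("Zeek data row before #fields header")
            rows.append(dict(zip(fields, line.split("\t"))))
    return rows


def c2_resolutions(dns_rows: Iterable[Dict[str, str]], host: str = C2_HOST) -> Set[str]:
    """IPs the C2 mail host resolved to, taken from dns.log 'answers'."""
    ips: Set[str] = set()
    for r in dns_rows:
        if r.get("query", "").lower().rstrip(".") == host and r.get("answers", "-") != "-":
            ips.update(a for a in r["answers"].split(",") if a)
    return ips


def _zeek_int(value: str) -> int:
    """Zeek writes '-' for unset numeric fields; treat that as zero."""
    return int(value) if value not in ("-", "") else 0


def smtp_exfil_hits(conn_rows: Iterable[Dict[str, str]], c2_ips: Set[str],
                    port: int = C2_PORT) -> List[Dict[str, object]]:
    """conn.log sessions from any internal host to a C2 IP on the configured SMTP port."""
    hits: List[Dict[str, object]] = []
    for r in conn_rows:
        if r.get("id.resp_h") in c2_ips and _zeek_int(r.get("id.resp_p", "-")) == port:
            hits.append({"uid": r.get("uid"), "src": r.get("id.orig_h"), "dst": r["id.resp_h"],
                         "bytes_out": _zeek_int(r.get("orig_bytes", "-"))})
    return hits


# Constructed Zeek logs (reduced column set) for demonstration only.
DNS_LOG = (
    "#separator \\x09\n"
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tquery\tqtype_name\tanswers\n"
    "1680156000.1\tCq1\t10.0.0.15\t51000\t10.0.0.2\t53\tmail.newblessint.top\tA\t203.0.113.45\n"
    "1680156001.2\tCq2\t10.0.0.15\t51001\t10.0.0.2\t53\tupdate.example.net\tA\t198.51.100.7\n"
)
CONN_LOG = (
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\torig_bytes\tresp_bytes\n"
    "1680156002.0\tCc1\t10.0.0.15\t51002\t203.0.113.45\t587\ttcp\tsmtp\t18432\t1201\n"
    "1680156003.0\tCc2\t10.0.0.15\t51003\t198.51.100.7\t443\ttcp\tssl\t900\t4200\n"
    "1680156004.0\tCc3\t10.0.0.20\t51004\t203.0.113.45\t587\ttcp\t-\t-\t-\n"
)

if __name__ == "__main__":
    ips = c2_resolutions(parse_zeek_tsv(DNS_LOG))
    for hit in smtp_exfil_hits(parse_zeek_tsv(CONN_LOG), ips):
        print(f"{hit['src']} -> {hit['dst']}:{C2_PORT} uid={hit['uid']} bytes_out={hit['bytes_out']}")
```

Pivoting from the DNS answer to the connection matters because the mail host may resolve to several addresses over the campaign; matching conn.log on the hostname alone would miss sessions where no DNS record was captured. A large orig_bytes on a 587 session from a workstation that is not a mail server is the exfiltration itself, since Agent Tesla sends stolen data as mail through the configured account.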
Targets
-
-
Target
DETAILS AND INVOICE.exe
-
Size
1.9MB
-
MD5
d22ddd0b41c522e471a7df51c08de119
-
SHA1
614c7564049869d04795087cf6937d2c6c312451
-
SHA256
d104a9413ee081463431a8f5c4493b7a13f34309a99c8fae86a593f0dfbb42ad
-
SHA512
142afaae0027c6ab3a123e43296a54f8eef1c4d57df936b6176396b699cbd50e5a9f2b37b830e9785c106a3434f212f8be04469edea0618a20f42b7e97f8812a
-
SSDEEP
24576:pZUeJY2ny/v/LtGZsYjot0d68fKnPTEWuO7KOyOjZa9kfK7V8dhwXlMVUm8R835+:rH2rF/Lq6e
-
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer; this build exfiltrates over SMTP using the mail account in the extracted configuration above.
-
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check so the sample can behave differently by region.
-
Accesses Microsoft Outlook profiles (where Outlook stores account settings and saved mail credentials, a common credential-theft target).
-
Suspicious use of SetThreadContext (typically used to redirect a suspended thread into injected code, as in process hollowing).
-