General
-
Target
4b0d12770ae9e50bfee40b243e866856.bin
-
Size
417KB
-
Sample
230331-bqfyfahe2y
-
MD5
642184a5690e8b69c33a388a886d5d8a
-
SHA1
464fecb1334bc2900e9497d4e11c966feac49818
-
SHA256
69275205a8721ccee51294bd0f2772e8161c05def135d69c5b39c4498fdf76c8
-
SHA512
9d31cf8d164a8d58136af160776565510517f94a2c1a3aa3c7fe2c75b37cf4b65836591738302e4488ebd4ffabac30f15d7be35823912a9852f9f4d02fb04f34
-
SSDEEP
12288:gOvpIwc1gvkeTU9hbSuh6b33xoXUHl91TxKrXQ:gOBIwcgke42Rb33xNnxoE
Static task
static1
Behavioral task
behavioral1
Sample
062d63753da1e0a1bb4af007aec07aa637cb682ae22c5bd933115340656739b7.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
062d63753da1e0a1bb4af007aec07aa637cb682ae22c5bd933115340656739b7.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.ljmaintenancesvcs.com.sg
Port: 587
Username: steven@ljmaintenancesvcs.com.sg
Password: Steven@12345
Email To: bibauc20@gmail.com
Extracted
Protocol: smtp
Host: mail.ljmaintenancesvcs.com.sg
Port: 587
Username: steven@ljmaintenancesvcs.com.sg
Password: Steven@12345
Targets
-
Target
062d63753da1e0a1bb4af007aec07aa637cb682ae22c5bd933115340656739b7.exe
-
Size
574KB
-
MD5
4b0d12770ae9e50bfee40b243e866856
-
SHA1
52d99896c140b4813d88d77a9f089ddccdc89700
-
SHA256
062d63753da1e0a1bb4af007aec07aa637cb682ae22c5bd933115340656739b7
-
SHA512
356fa2cb782b6c6a12dd25acce0447fffcb3fb960703a32646f9ae98feebe236288d4297be514165753f89c2de353d571437046b10f1d8a6de4ac5c775eb722f
-
SSDEEP
6144:gHZ2sQ9UdlV75AX3ER9x+7jSJ+goAAVEqYbImOh/ckvKz9akF9RRWUZ0ulKCXV:gHZ2sQ9UfNOkTtB6cChWskFLgUZ0ulZ
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Checks computer location settings
Looks up the country code configured in the registry, likely as a geofence check.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext