General
- Target: DETAILS AND INVOICE .img
- Size: 1.6MB
- Sample: 230401-jb4pysgf93
- MD5: 2a2e4d3b558e79fd71b4d0b0029e69f0
- SHA1: a2643efc0b77701afbeea2f20df9d4727e1b1926
- SHA256: 687e2e12664640a983215bd758c70cb0c1c89a7eb80e136700682e65070c7148
- SHA512: 1c125ca08d6adaacba5f3ded01416faae884fdc3812d0cbb32ad897e47dc4464a87df0891f3c644562c759cc143d88d5c0c6cf69a3b8b492b8a0af91b84abb10
- SSDEEP: 24576:Wr/NMFJMwNTEVSNaDxIefc3Gz/WMbQ6SlAd4HkcUR6Ds5ogeXkC9i8DNnQCIjyx7:WaxTf6wlA+PVkCs
Static task: static1
Behavioral task: behavioral1
- Sample: DETAILS AND INVOICE .exe
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: DETAILS AND INVOICE .exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.newblessint.top
- Port: 587
- Username: 1stguysender@newblessint.top
- Password: K,j[5i~N4.iQ
- Email To: 1stguyreciever@newblessint.top
Targets
- Target: DETAILS AND INVOICE .exe
- Size: 1.5MB
- MD5: b68d2d763d668c02198d3e7b9790d643
- SHA1: ac65465f888c83f1ad1697e111273b144d9d6635
- SHA256: 7be800543004524d306ac5da65ba76133ccec42616a06a75de21e8b958693993
- SHA512: e77526c6af05773362201aff5194b91b304f0136c0a4e342e30576c78e5b539fb18817db6d1f6831eed7d44089dec4c3941f1086fc60c2b86bdde1fe952daa22
- SSDEEP: 24576:br/NMFJMwNTEVSNaDxIefc3Gz/WMbQ6SlAd4HkcUR6Ds5ogeXkC9i8DNnQCIjyx7:baxTf6wlA+PVkCs
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext