General
Target: DETAILS AND INVOICE .exe
Size: 1.5MB
Sample: 230401-jb4pysgf94
MD5: b68d2d763d668c02198d3e7b9790d643
SHA1: ac65465f888c83f1ad1697e111273b144d9d6635
SHA256: 7be800543004524d306ac5da65ba76133ccec42616a06a75de21e8b958693993
SHA512: e77526c6af05773362201aff5194b91b304f0136c0a4e342e30576c78e5b539fb18817db6d1f6831eed7d44089dec4c3941f1086fc60c2b86bdde1fe952daa22
SSDEEP: 24576:br/NMFJMwNTEVSNaDxIefc3Gz/WMbQ6SlAd4HkcUR6Ds5ogeXkC9i8DNnQCIjyx7:baxTf6wlA+PVkCs
Static task: static1
Behavioral task: behavioral1
  Sample: DETAILS AND INVOICE .exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: DETAILS AND INVOICE .exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.newblessint.top
Port: 587
Username: 1stguysender@newblessint.top
Password: K,j[5i~N4.iQ
Email To: 1stguyreciever@newblessint.top
Targets
Target: DETAILS AND INVOICE .exe
Size: 1.5MB
MD5: b68d2d763d668c02198d3e7b9790d643
SHA1: ac65465f888c83f1ad1697e111273b144d9d6635
SHA256: 7be800543004524d306ac5da65ba76133ccec42616a06a75de21e8b958693993
SHA512: e77526c6af05773362201aff5194b91b304f0136c0a4e342e30576c78e5b539fb18817db6d1f6831eed7d44089dec4c3941f1086fc60c2b86bdde1fe952daa22
SSDEEP: 24576:br/NMFJMwNTEVSNaDxIefc3Gz/WMbQ6SlAd4HkcUR6Ds5ogeXkC9i8DNnQCIjyx7:baxTf6wlA+PVkCs
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext