General
-
Target
payment.exe
-
Size
602KB
-
Sample
230403-hrhlzsdc69
-
MD5
d4bef4b07059e137cb445ad46607a039
-
SHA1
f9b52054c5020f0a6bc30ad369a0dbf06c9e3c16
-
SHA256
66f84a9485233c4126143d575a7d5d754721f963e71069a9456399c601af2ea8
-
SHA512
1551c4bdcbdec278473e3bb01d4d0dfffbc2af9d6c1938e54a403db431cb7ab22b0b0f96d51c365e0a003a585e29cc4eb868624a16b0e3dfbe32665edd18dfe1
-
SSDEEP
6144:nYlCTy6dfHrM0oyvqwVns5DnfuqpPhlpImWwhdGC7dAvTxxJn5I4h22cqnCBtVuv:nYlCTz/riyywVnmp5lBKC7Wjzg2cv0v
Static task
static1
Behavioral task
behavioral1
Sample
payment.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
payment.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.exceltruea.com - Port:
587 - Username:
[email protected] - Password:
bl es si ng 2 0 2 3 - Email To:
[email protected]
Targets
-
-
Target
payment.exe
-
Size
602KB
-
MD5
d4bef4b07059e137cb445ad46607a039
-
SHA1
f9b52054c5020f0a6bc30ad369a0dbf06c9e3c16
-
SHA256
66f84a9485233c4126143d575a7d5d754721f963e71069a9456399c601af2ea8
-
SHA512
1551c4bdcbdec278473e3bb01d4d0dfffbc2af9d6c1938e54a403db431cb7ab22b0b0f96d51c365e0a003a585e29cc4eb868624a16b0e3dfbe32665edd18dfe1
-
SSDEEP
6144:nYlCTy6dfHrM0oyvqwVns5DnfuqpPhlpImWwhdGC7dAvTxxJn5I4h22cqnCBtVuv:nYlCTz/riyywVnmp5lBKC7Wjzg2cv0v
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-