General
-
Target
payment.r15.rar
-
Size
410KB
-
Sample
230403-kgz5dsdf72
-
MD5
2cb87ffa452f6e2bb5949b39e243bad7
-
SHA1
df0437f5ecf3da72a5c2509d51af086ced1f1bcd
-
SHA256
db1081c1a75421b9b57add6984d4bc694fb160aa80a1657a43acb3810dc20a81
-
SHA512
cde446bf92b7ed0e35f90166795ce443fd758f3fc3d0d364637e4b527e4f95436b17f752ee344ae28ef282d4695b6f9ea16a785395331976c8c49be61f64a192
-
SSDEEP
12288:+Dmne+9VXCcetsvin49N5WmshLUV4GWMiXu9e+:ne+9VX/an8WmqL2iXuU+
Static task
static1
Behavioral task
behavioral1
Sample
payment.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
payment.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.exceltruea.com - Port:
587 - Username:
[email protected] - Password:
bl es si ng 2 0 2 3 - Email To:
[email protected]
Targets
-
-
Target
payment.exe
-
Size
602KB
-
MD5
d4bef4b07059e137cb445ad46607a039
-
SHA1
f9b52054c5020f0a6bc30ad369a0dbf06c9e3c16
-
SHA256
66f84a9485233c4126143d575a7d5d754721f963e71069a9456399c601af2ea8
-
SHA512
1551c4bdcbdec278473e3bb01d4d0dfffbc2af9d6c1938e54a403db431cb7ab22b0b0f96d51c365e0a003a585e29cc4eb868624a16b0e3dfbe32665edd18dfe1
-
SSDEEP
6144:nYlCTy6dfHrM0oyvqwVns5DnfuqpPhlpImWwhdGC7dAvTxxJn5I4h22cqnCBtVuv:nYlCTz/riyywVnmp5lBKC7Wjzg2cv0v
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-