General
-
Target
Remittance of $76,000.00-pdf.gz
-
Size
3KB
-
Sample
230602-mnl78abd4t
-
MD5
356d46d40500336b4957b9afee5d8efa
-
SHA1
1176da001c195199b05d3df07f14b2a6f6346fbb
-
SHA256
777530c2f0d12654c4f47b987f2c8bf18b3afd040d4c9057ea37b2d52e423ff5
-
SHA512
53255bed3c17acce701b8444db8a7c5e941d03e97119b4f2cd9a4a54b98e7bd01e3abee10682e1fe15a424c268d2c68a8927943fff34f4fea9873ce10b7ce9ae
Malware Config
Extracted
purecrypter
http://85.31.45.42/Hmumry.png
Extracted
agenttesla
Protocol: smtp- Host:
mail.keefort.com.ec - Port:
587 - Username:
[email protected] - Password:
u=Wa6eChU3nj - Email To:
[email protected]
Targets
-
-
Target
Remittance of $76,000.00.exe
-
Size
7KB
-
MD5
35004f2270d99d582de6c138614e602c
-
SHA1
726df09a779ac8d2cb23e0ff3e5aca32b5a7874e
-
SHA256
b828fabbbc217d50542d19c8f8fb2b49c924f7a0cc6cbbc404e4439063febe51
-
SHA512
4eb17d42c3c2b9a4299153784690dd2030a5a7572bc5f34e3038392ea5dc881f2f962777f0dea28a1cef59c8012a670c547d4dbcbc1a98c37ba785f984fcd9f8
-
SSDEEP
192:li64f60lNCQEeL+57HNCx0L0Lyfzn5G9:L4f9oveL+5rNCqL0LyfzE
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
PureCrypter
PureCrypter is a .NET malware loader first seen in early 2021.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-