General
-
Target
NEW PO - 4610926543.exe
-
Size
785KB
-
Sample
230609-lqgj3sce81
-
MD5
440cd930743d1b0c91c6d7396eaf23e0
-
SHA1
f2cbcde2047dbba83c4ba61543c1a10e4286cafc
-
SHA256
65370cfa1e08f458d53cb661cf02054d9324f155a7bbf6505b4da5c2f9492385
-
SHA512
997d4f9e3649d6daff61b54da347e4c79e61ecc8000ce57219800db7222c7dbded6ee2a59e93f71fd1650cf1fa7ca594cb22cdb9a04ac3f6a8e21b211ee48148
-
SSDEEP
24576:50biRoSErVxIE5+wqAWxE3YSKeE6xna9I6vfY:5y4oRrjIw3qjnReP+vfY
Static task
static1
Behavioral task
behavioral1
Sample
NEW PO - 4610926543.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
NEW PO - 4610926543.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.nutiribio.com - Port:
587 - Username:
[email protected] - Password:
zGNVO(l5 - Email To:
[email protected]
Targets
-
-
Target
NEW PO - 4610926543.exe
-
Size
785KB
-
MD5
440cd930743d1b0c91c6d7396eaf23e0
-
SHA1
f2cbcde2047dbba83c4ba61543c1a10e4286cafc
-
SHA256
65370cfa1e08f458d53cb661cf02054d9324f155a7bbf6505b4da5c2f9492385
-
SHA512
997d4f9e3649d6daff61b54da347e4c79e61ecc8000ce57219800db7222c7dbded6ee2a59e93f71fd1650cf1fa7ca594cb22cdb9a04ac3f6a8e21b211ee48148
-
SSDEEP
24576:50biRoSErVxIE5+wqAWxE3YSKeE6xna9I6vfY:5y4oRrjIw3qjnReP+vfY
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-