General
-
Target
DHL Commercial Invoice.exe
-
Size
742KB
-
Sample
231127-m7zbwsgb31
-
MD5
493dc5f5c7e6e220bfcd5a10aeb37d28
-
SHA1
3d61a6b86554b6b4192338cd218a2585b10f440c
-
SHA256
9ab373c6892a6232262c29c5522cb142432566aa09f86898a18282c9be074bb4
-
SHA512
b8f7311e24b6af5d663482937b6504315ff2f4ba6a47f32ba0c522d5b85b2f9ba87b8f9c4ef89268900883c340b5c6d29e9186d1e3442a5453d6f595a05506eb
-
SSDEEP
12288:ZOhfk8H2iNSR2Xqhs4pwlUduNsymtf1E9Jssdk0g8zBCI5tqD83ZE6jD/VyrZFKl:ZOh88H1bq1pjsKyjdk0g8TtqD83ZtD/
Malware Config
Extracted
Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
[email protected] - Password:
amen@graceofgod@
Extracted
agenttesla
Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
[email protected] - Password:
amen@graceofgod@ - Email To:
[email protected]
Targets
-
-
Target
DHL Commercial Invoice.exe
-
Size
742KB
-
MD5
493dc5f5c7e6e220bfcd5a10aeb37d28
-
SHA1
3d61a6b86554b6b4192338cd218a2585b10f440c
-
SHA256
9ab373c6892a6232262c29c5522cb142432566aa09f86898a18282c9be074bb4
-
SHA512
b8f7311e24b6af5d663482937b6504315ff2f4ba6a47f32ba0c522d5b85b2f9ba87b8f9c4ef89268900883c340b5c6d29e9186d1e3442a5453d6f595a05506eb
-
SSDEEP
12288:ZOhfk8H2iNSR2Xqhs4pwlUduNsymtf1E9Jssdk0g8zBCI5tqD83ZE6jD/VyrZFKl:ZOh88H1bq1pjsKyjdk0g8TtqD83ZtD/
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-