General
Target: HSBC_093843_92343.pdf.exe
Size: 765KB
Sample: 231201-hm25tsfg6s
MD5: e09099905a06bf6c0c26c3b5ceb2f8f1
SHA1: 993fca0bde00e85ef9714a8f17b39c5c1aa86900
SHA256: 9f4ff6a61fea6fc87d56dc8dc274522d38e34255ccdb39a6888686b920ec5ac0
SHA512: b4ee68c40eb97fb948f2c1c75fa6f21e828979d7ce80f90d21fa844e3c871e0a99dba2bbde4ea1c6efafedb4dde108f63cce5abb6331a65aa85fec34041002b7
SSDEEP: 12288:+C5pJHIvppx3Wwmb8hGHCGNn8ZNq29jg3EkvSB0Uvzixd66kJif0yFD:1pJwgDHfRINX96EGSWizixlKI
Static task: static1
Behavioral task: behavioral1
  Sample: HSBC_093843_92343.pdf.exe
  Resource: win7-20231023-en
Behavioral task: behavioral2
  Sample: HSBC_093843_92343.pdf.exe
  Resource: win10v2004-20231127-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: mail.defalife.com.tr
  Port: 587
  Username: [email protected]
  Password: Defalife.124578
  Email To: [email protected]
Extracted
  Protocol: smtp
  Host: mail.defalife.com.tr
  Port: 587
  Username: [email protected]
  Password: Defalife.124578
Targets
Target: HSBC_093843_92343.pdf.exe
Score: 10/10
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Suspicious use of SetThreadContext