General
-
Target
New Order RFQ.arj
-
Size
620KB
-
Sample
231201-l6zetsgh77
-
MD5
3dce31588f36cc53702ecbd7fcb24b57
-
SHA1
4ca326b0e696b6e3ec1913bbbd9701e64d50d5fb
-
SHA256
62e2a845e8687a9b22c8c31ee0cd282ea80cec36ec7e93003525b7d27d9e7123
-
SHA512
2f31c112665280e2c9e9ed8027d81d7044d5619469050879cb4e5275a48a3d0b0e9c9249a609a362eb47cb6a8ae55f304ae8f7b592d9d2098ebdd450b6347d2c
-
SSDEEP
12288:9IfEtQ8Wo9LR+o39sp5zDidT8VsxuhXfkXWilO6DiKLNaxvAioU0ffWCN:u3ULR+Dp5DidTosoXaWiN5Ix4DU0feCN
Static task
static1
Behavioral task
behavioral1
Sample
Report.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
Report.exe
Resource
win10v2004-20231127-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.trisquarespl.com - Port:
587 - Username:
[email protected] - Password:
vphYSHb*2 - Email To:
[email protected]
Targets
-
-
Target
Report.exe
-
Size
716KB
-
MD5
88e3289cd07d44b57f43af8c144db4dc
-
SHA1
e58d2886490dbb84e06c8d826fd3d9bbbd1276a1
-
SHA256
3540c1be8ab6e0eee1c27d3c5ef243953f986f0bf0e333da9a1b7012a01ee0c2
-
SHA512
50666c22d1c075833045b86a48076370d41ddbc1a3fb7afda3745d9860d8b8f8fe7a9cbc5ce1e9ba155a92a878bafb6ccf53297154ab9cf2d634c9a7f042e50d
-
SSDEEP
12288:imdI0sPziy+9tl/q/LkoIV99g0i556t3+aMuaigGP8pXDdRYUgn9Z9g5:im779GLkoIfe0i5564aB3D8dfYNm5
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-