General
-
Target
NEW ORDER--GO23B005--DEC 2023.exe
-
Size
623KB
-
Sample
231201-q9s5faac51
-
MD5
8eab5e4d034fde42eb31add0cb923a97
-
SHA1
ac9f5a051227302049aa5136a26f30a3707db55c
-
SHA256
1be1eb3fc904fc5a9e9e555e3fa4a2b6a5a299917d5afa9a1570079195387fa3
-
SHA512
54f6f28e0ad2ba4cf968fb766d000f97afb851a6886649c7968a39a3e09eff5974455164ba0e43963a1bc5a416b1fabfd6780c55cd794011ea474bd72c2accdb
-
SSDEEP
12288:14uUdaP5mn0llWSQSSKJOzIT5HiSRJ56/:ydaP5mn0llNQN2OzCti2z
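Before working with a file that is supposed to be this sample, confirm that its digests match the ones listed above; a renamed or repacked copy will have different hashes and the report's conclusions will not apply to it. The following Python is an added example, not part of the sandbox report or its tooling: it computes the four digests the report publishes in a single pass over the file (SSDEEP is omitted because it needs a third-party library) and says which ones match. The file path in the usage block is a placeholder.

```python
import hashlib
from typing import Dict, Iterable, List, Tuple

# Digests published in the report for NEW ORDER--GO23B005--DEC 2023.exe.
REPORT_HASHES: Dict[str, str] = {
    "md5": "8eab5e4d034fde42eb31add0cb923a97",
    "sha1": "ac9f5a051227302049aa5136a26f30a3707db55c",
    "sha256": "1be1eb3fc904fc5a9e9e555e3fa4a2b6a5a299917d5afa9a1570079195387fa3",
    "sha512": "54f6f28e0ad2ba4cf968fb766d000f97afb851a6886649c7968a39a3e09eff5974455164ba0e43963a1bc5a416b1fabfd6780c55cd794011ea474bd72c2accdb",
}


def _digest_chunks(chunks: Iterable[bytes]) -> Dict[str, str]:
    """Feed every chunk to all four hashers in one pass and return hex digests."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Digest an in-memory buffer (handy for tests and small artefacts)."""
    return _digest_chunks([data])


def hash_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Digest a file without loading it fully into memory."""
    with open(path, "rb") as fh:
        return _digest_chunks(iter(lambda: fh.read(chunk_size), b""))


def verify(computed: Dict[str, str],
           expected: Dict[str, str] = REPORT_HASHES) -> Tuple[List[str], List[str]]:
    """Return (matched, mismatched) algorithm names; comparison is case-insensitive."""
    matched = [n for n, v in expected.items() if computed.get(n, "").lower() == v.lower()]
    mismatched = [n for n in expected if n not in matched]
    return matched, mismatched


if __name__ == "__main__":
    import sys
    # Placeholder path: point this at the file you actually downloaded.
    path = sys.argv[1] if len(sys.argv) > 1 else "NEW ORDER--GO23B005--DEC 2023.exe"
    ok, bad = verify(hash_file(path))
    print("matched:", ok, "mismatched:", bad)
    sys.exit(0 if not bad else 1)
```

Run it as `python verify_sample.py <path>`; a non-zero exit means at least one digest differs from the report, and every name in the mismatched list should be treated as a different artefact, not a near match.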
Static task
static1
Behavioral task
behavioral1
Sample
NEW ORDER--GO23B005--DEC 2023.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
NEW ORDER--GO23B005--DEC 2023.exe
Resource
win10v2004-20231127-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.asiaparadisehotel.com
Port: 587
Username: [email protected]
Password: ^b2ycDldex$@
Email To: [email protected]
Targets
Target
NEW ORDER--GO23B005--DEC 2023.exe
-
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, originally written in Visual Basic .NET; the configuration extracted above shows this sample reporting over SMTP.
-
Adds Run key to start application
Persistence via a value under the registry's CurrentVersion\Run key, so the payload is relaunched at user logon.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
Setting the context of another thread is a common step in process hollowing and thread-hijacking code injection, used to run the payload inside a legitimate process.
-
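The behaviours listed above (Run-key persistence, an external IP lookup, and SMTP traffic to the host in the extracted configuration) can be turned directly into host-based detections. The following Python is an added example, not code from the report or from the sandbox: it runs three rules over constructed Sysmon-style events (EventID 13 registry value set, 22 DNS query, 3 network connection, written here as pipe-separated key=value fields rather than real Sysmon XML). Only mail.asiaparadisehotel.com:587 and the sample's file name come from the report; the list of IP-lookup domains, the allow-list of legitimate SMTP clients, the drop path and the other hosts in the sample events are assumptions made for the example.

```python
import re
from typing import Dict, Iterable, List, Tuple

# From the report: the extracted AgentTesla SMTP exfiltration target.
EXFIL_SMTP_HOST = "mail.asiaparadisehotel.com"
EXFIL_SMTP_PORT = 587

# Assumption: common public IP-lookup services. The report only says a
# "legitimate IP lookup service" was used and does not name it.
IP_LOOKUP_DOMAINS = {
    "api.ipify.org", "icanhazip.com", "checkip.dyndns.org",
    "ip-api.com", "ifconfig.me", "checkip.amazonaws.com",
}

# Assumption: processes that legitimately speak SMTP submission (587).
ALLOWED_SMTP_CLIENTS = {"outlook.exe", "thunderbird.exe"}

# Matches both HKCU and HKLM Run / RunOnce keys regardless of hive prefix.
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)

# Constructed events (not from the sandbox run); the sample name is the report's.
SAMPLE = r"C:\Users\victim\Downloads\NEW ORDER--GO23B005--DEC 2023.exe"
SAMPLE_EVENTS = [
    f"EventID=13|Image={SAMPLE}|TargetObject=HKU\\S-1-5-21-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\NEW ORDER|Details=C:\\Users\\victim\\AppData\\Roaming\\NEW ORDER.exe",
    f"EventID=22|Image={SAMPLE}|QueryName=api.ipify.org",
    f"EventID=3|Image={SAMPLE}|DestinationHostname=mail.asiaparadisehotel.com|DestinationPort=587",
    r"EventID=3|Image=C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE|DestinationHostname=smtp.office365.com|DestinationPort=587",
    r"EventID=22|Image=C:\Windows\System32\svchost.exe|QueryName=www.microsoft.com",
    r"EventID=3|Image=C:\Users\victim\tool.exe|DestinationHostname=mail.example.net|DestinationPort=587",
]


def parse_event(line: str) -> Dict[str, str]:
    """Split one pipe-separated key=value line into a dict (first '=' wins)."""
    fields: Dict[str, str] = {}
    for token in line.split("|"):
        key, _, value = token.partition("=")
        fields[key.strip()] = value.strip()
    return fields


def image_name(event: Dict[str, str]) -> str:
    """Lower-cased basename of the acting process."""
    return event.get("Image", "").rsplit("\\", 1)[-1].lower()


def match_rules(event: Dict[str, str]) -> List[str]:
    """Return the names of every rule the event triggers."""
    hits: List[str] = []
    eid = event.get("EventID")
    if eid == "13" and RUN_KEY_RE.search(event.get("TargetObject", "")):
        hits.append("run_key_persistence")
    if eid == "22" and event.get("QueryName", "").lower() in IP_LOOKUP_DOMAINS:
        hits.append("external_ip_lookup")
    if eid == "3":
        host = event.get("DestinationHostname", "").lower()
        port = event.get("DestinationPort")
        if host == EXFIL_SMTP_HOST and port == str(EXFIL_SMTP_PORT):
            hits.append("agenttesla_smtp_exfil_c2")      # high confidence: known exfil host
        elif port == str(EXFIL_SMTP_PORT) and image_name(event) not in ALLOWED_SMTP_CLIENTS:
            hits.append("smtp_from_unexpected_process")  # lower confidence: generic
    return hits


def scan(lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Apply the rules to every line; yields (rule, process basename) pairs."""
    findings: List[Tuple[str, str]] = []
    for line in lines:
        ev = parse_event(line)
        for rule in match_rules(ev):
            findings.append((rule, image_name(ev)))
    return findings


if __name__ == "__main__":
    for rule, proc in scan(SAMPLE_EVENTS):
        print(f"{rule:32s} {proc}")
```

On the constructed events the sample's own process trips all three high-confidence rules, Outlook on port 587 is ignored because it is on the allow-list, and an unknown binary talking SMTP submission produces only the generic lower-confidence hit. In a real deployment the exfil-host rule is the one to page on; the generic SMTP rule needs the allow-list tuned to the environment before it is useful.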