General
Target: SecuriteInfo.com.Win32.PWSX-gen.15872.18159.exe
Size: 733KB
Sample: 231201-rny91aad56
MD5: bb3154deaa6ca591e3fbc500413cd7ac
SHA1: c75855e2d2adf272a761256feb89688fb9154dff
SHA256: 838f85e54553bfa5d9d22fc3a2a4348034ff566ea0c5268853b81ab976ee45de
SHA512: 58a21c9c32a9f91fb0625c701c4f1447e531624cac71273056c30189a92a795c889198427a54a64921a2d834865578aea4eed02fc5f285d3bd97db6796b84858
SSDEEP: 12288:KIe6QH05HCmtbC+GBxhBWgxRaA9xEm4E8rQWKnn4lISR3Zg4M:0HACmh7GB3BWdU+e88n4lISR3
Static task: static1
Behavioral task: behavioral1
Sample: SecuriteInfo.com.Win32.PWSX-gen.15872.18159.exe
Resource: win7-20231020-en
Behavioral task: behavioral2
Sample: SecuriteInfo.com.Win32.PWSX-gen.15872.18159.exe
Resource: win10v2004-20231127-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: [email protected]
Password: Lover boy @123
Email To: [email protected]
Extracted
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: [email protected]
Password: Lover boy @123
Targets
Target: SecuriteInfo.com.Win32.PWSX-gen.15872.18159.exe
Size: 733KB
MD5: bb3154deaa6ca591e3fbc500413cd7ac
SHA1: c75855e2d2adf272a761256feb89688fb9154dff
SHA256: 838f85e54553bfa5d9d22fc3a2a4348034ff566ea0c5268853b81ab976ee45de
SHA512: 58a21c9c32a9f91fb0625c701c4f1447e531624cac71273056c30189a92a795c889198427a54a64921a2d834865578aea4eed02fc5f285d3bd97db6796b84858
SSDEEP: 12288:KIe6QH05HCmtbC+GBxhBWgxRaA9xEm4E8rQWKnn4lISR3Zg4M:0HACmh7GB3BWdU+e88n4lISR3
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence.
Suspicious use of SetThreadContext