General
Target: 282698e5a19ee6121597b9715a72e3d71630d71cd44d6873316c4d23f63095be
Size: 477KB
Sample: 231202-bta7cshc32
MD5: 9ccdd282a8896cce587a869e2ddeaa0b
SHA1: 5bbe8916b487136a4ff8f3f0141c72566e8113bb
SHA256: 282698e5a19ee6121597b9715a72e3d71630d71cd44d6873316c4d23f63095be
SHA512: ae21e572d2786cd52e0769b8abdb9ab495ef4a3304c8a286142fc87f86b31f99c71a5c53cb332ee5abccdc4d375d48853825f843dca4728537e8361705b23023
SSDEEP: 6144:LqVYZ/K8vk0qeBlnyVBd7oPFgptSSwHYwARPHvt+hna4TLW6mWVFXfubARjQ:EuyP0lnW0QSSwJAhYTLxFXfubkQ
Static task: static1
Behavioral task: behavioral1
Sample: NEW ORDER--GO23B005--DEC 2023.exe
Resource: win7-20231023-en
Behavioral task: behavioral2
Sample: NEW ORDER--GO23B005--DEC 2023.exe
Resource: win10v2004-20231127-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.asiaparadisehotel.com
Port: 587
Username: [email protected]
Password: ^b2ycDldex$@
Email To: [email protected]
Targets
Target: NEW ORDER--GO23B005--DEC 2023.exe
Size: 623KB
MD5: 8eab5e4d034fde42eb31add0cb923a97
SHA1: ac9f5a051227302049aa5136a26f30a3707db55c
SHA256: 1be1eb3fc904fc5a9e9e555e3fa4a2b6a5a299917d5afa9a1570079195387fa3
SHA512: 54f6f28e0ad2ba4cf968fb766d000f97afb851a6886649c7968a39a3e09eff5974455164ba0e43963a1bc5a416b1fabfd6780c55cd794011ea474bd72c2accdb
SSDEEP: 12288:14uUdaP5mn0llWSQSSKJOzIT5HiSRJ56/:ydaP5mn0llNQN2OzCti2z
Signatures
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext