General
Target: 35810114be09cbff1853a26303c0a63534706e7230e96cae85ed47cf59f48f5d
Size: 672KB
Sample: 231203-tsbevach9w
MD5: bc02fdf935f752cbc5a00a8a1d41c985
SHA1: 40557de086ffc8011f39791b4b0551ea6a68807d
SHA256: 35810114be09cbff1853a26303c0a63534706e7230e96cae85ed47cf59f48f5d
SHA512: 77961b2c9744fbb973b3fe3aaea9892032b5ba3e1aabda3f5af7c0d0924657ca29661040fa57c47e564c99cdfaaaebdc69fdaf65d28c8cbd0135831965936c91
SSDEEP: 12288:KfGzCdLTIBNAWkbIZVT3gW1Tvok4jyqZxdIjjML+bkKumuSioPhSj:SGz6kLkbIfJtALyq1IjMKuGiopU
Static task: static1
Behavioral task: behavioral1
Sample: Shipping commercial invoice #2303005328.pdf.exe
Resource: win7-20231025-en
Behavioral task: behavioral2
Sample: Shipping commercial invoice #2303005328.pdf.exe
Resource: win10v2004-20231127-en
Malware Config
Extracted
Family: agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: [email protected]
Password: Lover boy @123
Email To: [email protected]
Extracted
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: [email protected]
Password: Lover boy @123
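The extracted SMTP configuration is the most actionable part of the report: the host and port are the exfiltration channel, and the username and password are live credentials for the drop mailbox. The Python below is an added example, not part of the sandbox report or of the malware; it parses the config as shown above and matches it against constructed firewall log lines (the log format, the `src=`/`dst=` fields, the IP addresses and the allow-list of legitimate relays are all assumptions for illustration). An exact match on the exfil host is a high-confidence hit; a workstation using port 587 towards a relay that is not on the allow-list is flagged at lower severity, because legitimate mail clients use the same submission port.

```python
import re
from dataclasses import dataclass

# Config values copied from the report (the mailbox address is not shown on the page).
CONFIG_TEXT = """\
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: [email protected]
Password: Lover boy @123
"""

# Constructed firewall log lines for illustration; not taken from the report.
LOG_LINES = [
    "2023-12-03T10:21:05Z src=10.0.0.15:49812 dst=us2.smtp.mailhostbox.com:587 proto=tcp app=smtp",
    "2023-12-03T10:21:09Z src=10.0.0.15:49813 dst=us2.smtp.mailhostbox.com:587 proto=tcp app=smtp",
    "2023-12-03T10:22:11Z src=10.0.0.22:51002 dst=www.example.com:443 proto=tcp app=https",
    "2023-12-03T10:23:40Z src=10.0.0.31:51210 dst=smtp.office365.com:587 proto=tcp app=smtp",
    "2023-12-03T10:24:02Z src=10.0.0.40:51300 dst=mail.unknown-relay.example:587 proto=tcp app=smtp",
]

# Hypothetical allow-list of relays this organisation's mail clients are expected to use.
ALLOWED_SMTP_RELAYS = {"smtp.office365.com"}

LOG_RE = re.compile(r"src=(?P<src>[\d.]+):\d+ dst=(?P<dst>[^:\s]+):(?P<port>\d+)")


def parse_config(text):
    """Parse the 'Key: value' lines of an extracted config into a dict (keys lower-cased)."""
    cfg = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            cfg[key.strip().lower()] = value.strip()
    return cfg


@dataclass(frozen=True)
class Hit:
    severity: str  # "high": exact exfil host; "medium": submission port to an unknown relay
    src: str
    dst: str
    port: int


def scan_logs(cfg, lines, allowed_relays=ALLOWED_SMTP_RELAYS):
    """Match log lines against the config: the host is the discriminating IOC;
    the port alone only raises suspicion because legitimate clients use 587 too."""
    exfil_host = cfg["host"].lower()
    exfil_port = int(cfg["port"])
    hits = []
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        dst, port = m["dst"].lower(), int(m["port"])
        if dst == exfil_host:
            hits.append(Hit("high", m["src"], dst, port))
        elif port == exfil_port and dst not in allowed_relays:
            hits.append(Hit("medium", m["src"], dst, port))
    return hits


def infected_hosts(hits):
    """Source addresses that contacted the exact exfil host, for containment."""
    return sorted({h.src for h in hits if h.severity == "high"})


if __name__ == "__main__":
    cfg = parse_config(CONFIG_TEXT)
    hits = scan_logs(cfg, LOG_LINES)
    for hit in hits:
        print(hit)
    print("likely infected:", infected_hosts(hits))
```

The credentials belong in an abuse report to the mail provider and in a blocklist, not in an interactive login: the mailbox is the attacker's collection point, and anything sent to it from a victim is already lost.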
Targets
Target: Shipping commercial invoice #2303005328.pdf.exe
Size: 690KB
MD5: e14c400a70aec81294d34f30eb122d1a
SHA1: 943c1c2c4cc4226b35f9cf42c242db6d31692ec2
SHA256: 4f893beea3529fc97caa4ead82e921233ba8f4c17f4f00767f667f51949f94a5
SHA512: e4bef66cebdbcb8ecc1411a6f9bd462b9a785ede24bb6d28287f8434c25711001615c54b67c18e2a6669c01663159141fa87d753be0edab056e200dd53856acf
SSDEEP: 12288:f2iNtISmEjirr4ZOT1snVSUgOULOz/lI3pazh9oNFhrjDG+s8Ey5:f1jiraOT1MVfgLm/lI3pakNrjx
Score: 10/10
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer written in Visual Basic. This sample carries an SMTP exfiltration configuration (see the extracted config above), which is the family's usual way of sending harvested credentials and keystrokes.
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence: the payload may refuse to run, or behave differently, on machines whose locale does not match its intended victims, so a sandbox with a different locale can under-report its behaviour.
Suspicious use of SetThreadContext
Calling SetThreadContext on a thread of another process is the characteristic step of process hollowing (RunPE): the loader starts a legitimate host process suspended, writes the decrypted payload into it, points the main thread at the new entry point with SetThreadContext, and resumes it. AgentTesla loaders commonly use this to run the stealer inside a legitimate-looking process, so the final payload's behaviour belongs to the hollowed process rather than to the dropped .exe.
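The report only records that the sample called SetThreadContext; the usual reason a loader does so is process hollowing, where the call follows a CreateProcess with CREATE_SUSPENDED and one or more WriteProcessMemory calls, and precedes ResumeThread. The Python below is an added example, not from the report, that applies that ordering to a constructed API trace (the `ApiCall` record, the PIDs and the trace itself are assumptions for illustration). A lone SetThreadContext from a debugger-like process is not flagged, which is what keeps the rule from firing on legitimate tooling.

```python
from dataclasses import dataclass

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit for CreateProcess


@dataclass(frozen=True)
class ApiCall:
    pid: int         # process making the call
    api: str         # API name as a tracer would record it
    target_pid: int  # process the call acts on (the new child for CreateProcess)
    flags: int = 0   # creation flags; only meaningful for CreateProcess


# Constructed trace for illustration (not from the report). PID 1200 hollows
# PID 1340; PID 2000 is a debugger-like tool that only calls SetThreadContext.
TRACE = [
    ApiCall(1200, "CreateProcessW", 1340, flags=CREATE_SUSPENDED),
    ApiCall(1200, "NtUnmapViewOfSection", 1340),
    ApiCall(1200, "VirtualAllocEx", 1340),
    ApiCall(1200, "WriteProcessMemory", 1340),
    ApiCall(1200, "WriteProcessMemory", 1340),
    ApiCall(1200, "SetThreadContext", 1340),
    ApiCall(1200, "ResumeThread", 1340),
    ApiCall(2000, "OpenProcess", 2100),
    ApiCall(2000, "SetThreadContext", 2100),
]

# Minimal ordered pattern; unrelated calls in between are allowed.
HOLLOWING_ORDER = ("CreateProcess", "WriteProcessMemory", "SetThreadContext", "ResumeThread")


def detect_hollowing(trace):
    """Return (injector_pid, target_pid) pairs whose calls on the target follow
    HOLLOWING_ORDER, starting with a CreateProcess* call that used CREATE_SUSPENDED."""
    progress = {}  # (pid, target_pid) -> number of pattern steps completed
    found = []
    for call in trace:
        key = (call.pid, call.target_pid)
        step = progress.get(key, 0)
        if step >= len(HOLLOWING_ORDER):
            continue  # already reported for this pair
        expected = HOLLOWING_ORDER[step]
        if expected == "CreateProcess":
            # Only a process created suspended can be hollowed before it starts running.
            if call.api.startswith("CreateProcess") and call.flags & CREATE_SUSPENDED:
                progress[key] = 1
        elif call.api == expected:
            progress[key] = step + 1
            if progress[key] == len(HOLLOWING_ORDER):
                found.append(key)
    return found


if __name__ == "__main__":
    print("hollowing detected:", detect_hollowing(TRACE))
```

The same ordering is what an EDR sequence rule or a Sysmon-based correlation would look for; the suspended-creation flag is the part worth insisting on, since WriteProcessMemory and SetThreadContext alone also occur in debuggers and some installers.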