General
- Target: price request .exe
- Size: 522KB
- Sample: 231204-k42lqsab55
- MD5: e982efe6f8a7f422bc6c6d990b86f43d
- SHA1: 430dbd8e9b6457c2866b5b8341826a09596afa21
- SHA256: fa1263a8e9dea6c3fa9dce2ca23f8f235f8821446eb5089574c706c37db54442
- SHA512: b99670ad2e7922b53ac44ffc60b6627eb0bf5faffdf78b898d21f44c30114f62edee717a2f9085dc3c2cc0bff3def579063ef482418b7f502b2494730707be1b
- SSDEEP: 12288:ZaWwYqkpp8KKQCr2j/xdsnKODz9xyGamW1MMv:oWDx5fj/xqn9x/amAMe
Static task: static1
Behavioral task: behavioral1
- Sample: price request .exe
- Resource: win7-20231023-en
Behavioral task: behavioral2
- Sample: price request .exe
- Resource: win10v2004-20231201-en
Malware Config
Extracted
- Protocol: smtp
- Host: smtp.jib-techs.com
- Port: 587
- Username: [email protected]
- Password: ysOqqhK8
Extracted (agenttesla)
- Protocol: smtp
- Host: smtp.jib-techs.com
- Port: 587
- Username: [email protected]
- Password: ysOqqhK8
- Email To: [email protected]
Targets
- Target: price request .exe
- Size: 522KB
- MD5: e982efe6f8a7f422bc6c6d990b86f43d
- SHA1: 430dbd8e9b6457c2866b5b8341826a09596afa21
- SHA256: fa1263a8e9dea6c3fa9dce2ca23f8f235f8821446eb5089574c706c37db54442
- SHA512: b99670ad2e7922b53ac44ffc60b6627eb0bf5faffdf78b898d21f44c30114f62edee717a2f9085dc3c2cc0bff3def579063ef482418b7f502b2494730707be1b
- SSDEEP: 12288:ZaWwYqkpp8KKQCr2j/xdsnKODz9xyGamW1MMv:oWDx5fj/xqn9x/amAMe
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext