General
Target: Payment Status - NAMI.7z
Size: 456KB
Sample: 231204-qmskdsbd87
MD5: 9ba6135bde4371e031c1c8482cf85585
SHA1: 2b6b2536068b243d664ec53b4f9ff725e497a53d
SHA256: 26120c68123e019a9549b2d79c3392854425a24ee6840a965d4141bf5bd0bae8
SHA512: fc565986fa3e000ae828eb172c9ecd3524fcc7ab1db8cb88ca7fb41335bfca8b15c553bbfc1f104631a8b3a03f362897f500f85541e6305e290d506cbccc3329
SSDEEP: 12288:5CbkaPtXp/xZnylQ6JOPlHpEL9lAD5jjD+zypy01UR2F:wbkWZn2xcoo5j51UIF
Static task: static1
Behavioral task: behavioral1
Sample: Payment Status - NAMI.exe
Resource: win7-20231023-en
Behavioral task: behavioral2
Sample: Payment Status - NAMI.exe
Resource: win10v2004-20231127-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.bezzleauto.com
Port: 587
Username: [email protected]
Password: Tommyduru8118
Email To: [email protected]
Targets
Target: Payment Status - NAMI.com
Size: 806KB
MD5: 3d4646206820c5f3188862f88ec3af59
SHA1: fecc92d2e0bdfdd5abe90548dd5ea3235bc7daeb
SHA256: e4dcfe552c8f34aa797aebeb9b68988edb50ebf185e67f0b173ef7e8c57685b0
SHA512: 47b689548b40431c28e184e3c35980a5e6b216f1ed416c37bc1c4c41c7ef9b4aaed4f345fcfde8a91c5564249eaac26a563870f29bc6e662d9f861d80e82cf2a
SSDEEP: 12288:NWodxz5ZBGx3L9PhcXmBTXp/xqnylQ6J7Pl/pEL9X7cMRKs/H7RhS6KeneSiyyjK:nzFGxL9PhcXIqn2xdo54sjR/ned8
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Checks computer location settings
Looks up the country code configured in the registry, likely as a geofence check.
Drops startup file
Suspicious use of SetThreadContext