General
- Target: c6ea1ac6ac2fe6fa1fe8728c9ecff5f15ee4a8306fc471baf2f04e0e293739b0
- Size: 449KB
- Sample: 231204-tsga4acf78
- MD5: 7292d88884dfb80fb5d3ed7705a4a328
- SHA1: c77b477456391aa91c36bdef84d9f330a38d32c5
- SHA256: c6ea1ac6ac2fe6fa1fe8728c9ecff5f15ee4a8306fc471baf2f04e0e293739b0
- SHA512: 7b928ccc7dc9fbcb87ee4d1416a90271b00840de20281f5a2e4c6a7caea96220084b7e434cb0b52ae3ae7ddbd4504e1728dcc5b68712c41a73b5fb2906cd16e6
- SSDEEP: 12288:34SlxQVv9tXk0kn8Ix+xf1wbSCmEzB4tkU5:34aAXmnxoJ1t/eoV5
Static task
- static1
Behavioral task
- behavioral1
- Sample: Blast E&I Supplies & Services, LLC Statement of Account PDF.exe
- Resource: win7-20231023-en
Behavioral task
- behavioral2
- Sample: Blast E&I Supplies & Services, LLC Statement of Account PDF.exe
- Resource: win10v2004-20231127-en
Malware Config
Extracted
- Protocol: smtp
- Host: mail.activegroup.com.sg
- Port: 587
- Username: [email protected]
- Password: active7244
Targets
- Target: Blast E&I Supplies & Services, LLC Statement of Account PDF.exe
- Size: 476KB
- MD5: 80c8442c33ad9f34b8c1fea06d0e3b97
- SHA1: 29120925c1e77739043c967c28d8b527ceca89de
- SHA256: 32e78542acc7b2bf144e1643c857b42f26275f78ac8411dea741159467d47573
- SHA512: d362d2a1a57d30a8d7f8610256e448c187c56808da6411d7cd73d2925a16dadf75293ffae4abadec1da5ca8f0d180b4f0956809feb8cde6b7287f215a78550d8
- SSDEEP: 12288:xeLlxymPaHjAIFF3/IW9bQ8XjwbICmhNKk/f:xe/ymPTIFqWTx/hNKkf
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext