General
- Target: 25eb6eaa92b7ecfccf496d1259b64fa876f63ea1b0ac4e6b69694ad4d7ee56b3
- Size: 605KB
- Sample: 231204-ve97pada4w
- MD5: ac8c1188fced20f8ce34309f01fd75eb
- SHA1: a9fe9981b60a0b31e7fb18439c800361a1b3a55a
- SHA256: 25eb6eaa92b7ecfccf496d1259b64fa876f63ea1b0ac4e6b69694ad4d7ee56b3
- SHA512: e27089683a20a510a74ffcddcbd89b17d10a5ea95e10c388d7ac0c5cc4c8f360f966ffca4247b187cd898674c78957af2c7cddc221f11d2233becdeda6421297
- SSDEEP: 12288:3mkhV1nasMSW320DgSq1o3GM7ovVvNOyQDYITk/SZMrnrGIzd9:Pr7X0DgSqCGM7od1uzJZMrnrGSd9
Static task
- static1
Behavioral task
- behavioral1
  - Sample: order B001.exe
  - Resource: win7-20231201-en
Behavioral task
- behavioral2
  - Sample: order B001.exe
  - Resource: win10v2004-20231130-en
Malware Config
Extracted
- agenttesla
- Protocol: smtp
- Host: mail.huyhoangvn.vn
- Port: 587
- Username: [email protected]
- Password: huyhoangqa123
- Email To: [email protected]
Targets
- Target: order B001.exe
- Size: 627KB
- MD5: 37f6a0d60cd4f997011d801ccd5801f9
- SHA1: 1d3c69938399f622330b0ea0f44aa293518fc5c8
- SHA256: cd3561858ad85a86217ecd30e1acc1937c2a2efba5f3fbc2422645fea169dd5f
- SHA512: 470be45e3923ff486827c6fb3eba54e4998851f7e76737c53260cc42a853a306ea68ce1834c3f10def524a3ade2881982c371bb7ebd47b291036f60f85eded34
- SSDEEP: 12288:f45+po2DsuSyr2GJgSqlirGC7ovRxJwyWDYITYRZL0VIAHn8LkYFQ5:e+pJoXGJgSq+GC7oJXyzHVZHn8e
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings
  Looks up the country code configured in the registry, likely used as a geofence.
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext