General
Target: LAMCHUANQ710901.pdf.exe (double extension: with known extensions hidden, Explorer shows it as a PDF)
Size: 1024KB
Sample: 231204-wdgpesdh6y
MD5: 8412a2cceb09519e18c3419df99efbad
SHA1: 33fdcdd1ea11818c2928d80c52e786b0cca9e522
SHA256: 7318815c5eed7085d6d336406e6c3255a23e255f5caa954b6b1b4549b7519701
SHA512: b81f90357485356ec5b678e19d41359db65e5b9f328a9d94d4d76fbecee5286cffbce4ce95c9dd7109044fe95b37abcfee6bae443930f22e5cc218808b849d8d
SSDEEP: 24576:RBm634/up+pJtwFbGyArZTDOYDD/ckaCFUBkMIHpDqDDBi:RX38PJtw5Ag6D/6CFMkzpDH
Static task: static1
Behavioral task: behavioral1
  Sample: LAMCHUANQ710901.pdf.exe
  Resource: win7-20231130-en
Behavioral task: behavioral2
  Sample: LAMCHUANQ710901.pdf.exe
  Resource: win10v2004-20231130-en
Malware Config
Extracted family: agenttesla
C2 (Telegram Bot API; the bot token is embedded in the URL path): https://api.telegram.org/bot6439280362:AAFxJ6Gm_hfG3MYnjXvw0e4QQEIFTsOjkuk/
The stealer uploads its reports by calling Bot API methods beneath this path, so the token is both a network indicator for the victim side and a shared secret the operator can rotate at any time.
Targets
Target: LAMCHUANQ710901.pdf.exe (1024KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
AgentTesla
Agent Tesla is a .NET information stealer and remote access tool (RAT), originally written in Visual Basic .NET. It harvests saved credentials from browsers, mail and FTP clients, logs keystrokes and clipboard contents, and exfiltrates over SMTP, FTP, HTTP or, as in this sample's extracted config, the Telegram Bot API.
Checks computer location settings
Reads the country code configured in the registry (typically HKCU\Control Panel\International\Geo\Nation), most likely a geofence so the payload can skip excluded regions. Check the sandbox's configured region before concluding that a sample which does nothing else is inert.
Adds Run key to start application
Writes a value under a Run registry key so the binary is relaunched at logon (persistence); the value data is the path to look for and remove during remediation.
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP. Agent Tesla includes the address in its exfiltrated reports, so the lookup itself, shortly before the Telegram upload, is a useful network indicator.
Suspicious use of SetThreadContext
SetThreadContext on a thread of another process (usually a newly spawned, suspended child) typically indicates process hollowing / RunPE: the loader replaces the child's image with the decrypted payload and redirects the thread's entry point before resuming it. Dumping the child process from memory after this call is the usual way to recover the unpacked Agent Tesla build.
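As an added example (not part of the sandbox report or of any sandbox tooling), the following Python turns the extracted Telegram Bot API URL into a network indicator and runs it over a few constructed proxy log lines, correlating the bot-API upload with the external-IP lookup that the "Looks up external IP address via web service" signature describes. Only the C2 URL comes from the report; the proxy log format, the source IPs, the second (fake) bot token, the list of IP lookup hosts and the token-length bounds are assumptions made for the demo.

```python
"""Triage helpers for the Agent Tesla Telegram C2 extracted above.

Added example, not part of the sandbox report: builds a network
indicator from the extracted Bot API URL and runs it over constructed
proxy log lines.
"""
import re
from urllib.parse import urlsplit

# C2 URL exactly as extracted in the report's Malware Config section.
REPORT_C2 = "https://api.telegram.org/bot6439280362:AAFxJ6Gm_hfG3MYnjXvw0e4QQEIFTsOjkuk/"

# Bot API paths look like /bot<bot id>:<secret>/<method>. Current secrets
# are 35 characters; the wider bound is an assumption so odd tokens still match.
TOKEN_RE = re.compile(
    r"^/bot(\d+):([A-Za-z0-9_-]{30,50})(?:/(?P<method>[A-Za-z]*))?/?$"
)

# External-IP lookup services often queried before exfil (assumed list;
# extend it from your own telemetry).
IP_LOOKUP_HOSTS = {"checkip.dyndns.org", "api.ipify.org", "icanhazip.com", "ipinfo.io"}

# Assumed proxy log format: "<src ip> <http method> <url> <bytes>".
LOG_RE = re.compile(r"^(?P<src>\S+) (?P<method>\S+) (?P<url>\S+) (?P<bytes>\d+)$")

# Constructed sample log (not from the report). FAKE_TOKEN is a placeholder
# for "some other bot", not a real token.
FAKE_TOKEN = "1234567890:" + "A" * 35
SAMPLE_PROXY_LOG = "\n".join([
    "10.0.0.12 GET http://www.msftconnecttest.com/connecttest.txt 22",
    "10.0.0.12 GET http://checkip.dyndns.org/ 104",
    f"10.0.0.12 POST {REPORT_C2}sendDocument 48211",
    "10.0.0.31 GET https://api.telegram.org/ 512",
    f"10.0.0.45 POST https://api.telegram.org/bot{FAKE_TOKEN}/sendMessage 300",
    "garbage line that does not parse",
])


def parse_bot_token(url):
    """Return (bot_id, full_token, api_method) when url is a Telegram Bot
    API call carrying a bot token, else None. The host is checked so the
    same path on a look-alike domain is not treated as Telegram."""
    parts = urlsplit(url)
    if parts.hostname != "api.telegram.org":
        return None
    m = TOKEN_RE.match(parts.path)
    if not m:
        return None
    return m.group(1), f"{m.group(1)}:{m.group(2)}", m.group("method") or ""


def scan_proxy_log(log_text, known_tokens):
    """Return one alert dict per Bot API request in log_text.

    A token already extracted from a sandbox config is a 'high' hit; any
    other bot-token URL from an endpoint is 'medium', since workstations
    rarely drive Telegram bots legitimately. Token-less api.telegram.org
    traffic (e.g. the official client) is ignored."""
    alerts = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        parsed = parse_bot_token(m["url"])
        if parsed is None:
            continue
        bot_id, token, api_method = parsed
        alerts.append({
            "src": m["src"],
            "http_method": m["method"],
            "bot_id": bot_id,
            "api_method": api_method,
            "bytes": int(m["bytes"]),
            "severity": "high" if token in known_tokens else "medium",
        })
    return alerts


def correlate_lookup_and_exfil(log_text, known_tokens):
    """Return source IPs that both queried an external-IP lookup service
    and POSTed to a Bot API method, the sequence the report's signatures
    describe (IP lookup, then upload of the stolen data)."""
    lookups = set()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and urlsplit(m["url"]).hostname in IP_LOOKUP_HOSTS:
            lookups.add(m["src"])
    uploaders = {
        a["src"] for a in scan_proxy_log(log_text, known_tokens)
        if a["http_method"] == "POST"
    }
    return lookups & uploaders


if __name__ == "__main__":
    known = {parse_bot_token(REPORT_C2)[1]}
    for alert in scan_proxy_log(SAMPLE_PROXY_LOG, known):
        print(alert)
    print("lookup + exfil from:", correlate_lookup_and_exfil(SAMPLE_PROXY_LOG, known))
```

The host check matters: the same `/bot<token>/` path on a look-alike domain is a different indicator and should not inherit the Telegram verdict. Any bot-token URL from a workstation is worth a look on its own; pairing it with an IP-lookup request from the same host, as the last function does, is what lifts a medium hit to something an analyst should act on.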