General
-
Target
bc8767fc3ab5a4e2d11a9118b0d33d448dc829a15e10d88a2ad5d2727b1813e2
-
Size
499KB
-
Sample
231205-df8a2sgh8v
-
MD5
61dac77b8983f470588396455ba71c3c
-
SHA1
75a671866828aea058efba9d5bdd98f56442e811
-
SHA256
bc8767fc3ab5a4e2d11a9118b0d33d448dc829a15e10d88a2ad5d2727b1813e2
-
SHA512
dc62a03cfe580f79379b5b5361ec86187f02f0c0df32b92d9c336a68b9e32591f06960769994840be1af92040007452c90406a1b84127de0b11d27f0d396ff31
-
SSDEEP
12288:PT14VGsygAzWPRktRHLcaOemXduC5uGCTKa:P+VM3qPRktRrnO94C5aKa
Static task
static1
Behavioral task
behavioral1
Sample
PDA STATEMENT.exe
Resource
win7-20231025-en
Behavioral task
behavioral2
Sample
PDA STATEMENT.exe
Resource
win10v2004-20231127-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.adityagroup.co
Port: 587
Username: [email protected]
Password: Aditya!@#$%^
Email To: [email protected]
Targets
-
-
Target
PDA STATEMENT.exe
-
Size
517KB
-
MD5
99e05e1f4c3726434476aedddfbe2e3d
-
SHA1
da507c4274759703aa25ca68b9cb01929c129663
-
SHA256
031373e0c892da52577e9eb17ea541a7d874362c9845a3f36ce479c545624e5f
-
SHA512
833328a134028f79afae86426a61abe7ecf1a29e2da39814f3087435d80d19418ffb176b237f9befbbb7f0146f4b7510777ebe35f21052b105b65589fc971186
-
SSDEEP
12288:3GOA/39mIIvL16/WPRAlRHrvXKWdtaFKQ4J66:3GOA/t4jPRAlRLDnIk6
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-