General
Target: PDF.exe
Size: 711KB
Sample: 231205-hyrs8saa49
MD5: 72974b75ad00da73e07b976b73c5afb6
SHA1: 094208c0eedb674553d1b7c0a99e46599d75acff
SHA256: faf02d9acd5877e620c4fb200895a1306a555baedc6b5e7072a4928a1a39a20a
SHA512: e708b48b2fabbe96eb78e0021dba6acb63078c413a0ad9063f6204c36357a867da9e883e02f7c1def0a5a6ec7a2596cfedda715beb483691b4434725f440d851
SSDEEP: 12288:j/bwLijBoKwyg+ldzxhPD4eu6fvLSReBFmPbSCcWCODgNjsyrroyVMx:jDKzyjlntS6GReuVvDgNjsyno
Static task: static1
Behavioral task: behavioral1
  Sample: PDF.exe
  Resource: win7-20231130-en
Behavioral task: behavioral2
  Sample: PDF.exe
  Resource: win10v2004-20231130-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.mailo.com
Port: 587
Username: [email protected]
Password: Bignosa1995
Email To: [email protected]
Targets
Target: PDF.exe
Size: 711KB
MD5: 72974b75ad00da73e07b976b73c5afb6
SHA1: 094208c0eedb674553d1b7c0a99e46599d75acff
SHA256: faf02d9acd5877e620c4fb200895a1306a555baedc6b5e7072a4928a1a39a20a
SHA512: e708b48b2fabbe96eb78e0021dba6acb63078c413a0ad9063f6204c36357a867da9e883e02f7c1def0a5a6ec7a2596cfedda715beb483691b4434725f440d851
SSDEEP: 12288:j/bwLijBoKwyg+ldzxhPD4eu6fvLSReBFmPbSCcWCODgNjsyrroyVMx:jDKzyjlntS6GReuVvDgNjsyno
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext