General
-
Target
Invoive Ningbo.exe
-
Size
1.1MB
-
Sample
231205-lycabsaf92
-
MD5
a3fab3e88799e72baefbc47e35beea4c
-
SHA1
fd2dd3ead13b5dba83bcc923102e29fda19ef273
-
SHA256
d11d805c3dab49566aad8dfe6d9bbd1c206918980870792ed9d496e8836aefe6
-
SHA512
bd4f26df04ee36788ca0f4db22604f72d9a99ea4b59f25b3d9afab56b9538cdf647e4bfb7595882ef35a8f82f487d7dbfe2b86b4b7fb1f6b67185e8603965122
-
SSDEEP
24576:kWgtD/61INy65I1JByDr/YsR2s8vqiQrUTOqofIlhChgdgm:Q6KNbqBirXwvqzrUT7ofIlohsgm
Static task
static1
Behavioral task
behavioral1
Sample
Invoive Ningbo.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
Invoive Ningbo.exe
Resource
win10v2004-20231130-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.bezzleauto.com - Port:
587 - Username:
[email protected] - Password:
Kene123456789 - Email To:
[email protected]
Targets
-
-
Target
Invoive Ningbo.exe
-
Size
1.1MB
-
MD5
a3fab3e88799e72baefbc47e35beea4c
-
SHA1
fd2dd3ead13b5dba83bcc923102e29fda19ef273
-
SHA256
d11d805c3dab49566aad8dfe6d9bbd1c206918980870792ed9d496e8836aefe6
-
SHA512
bd4f26df04ee36788ca0f4db22604f72d9a99ea4b59f25b3d9afab56b9538cdf647e4bfb7595882ef35a8f82f487d7dbfe2b86b4b7fb1f6b67185e8603965122
-
SSDEEP
24576:kWgtD/61INy65I1JByDr/YsR2s8vqiQrUTOqofIlhChgdgm:Q6KNbqBirXwvqzrUT7ofIlohsgm
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-