General
Target: 7d9999594357716bf5765f4ef49713dbbe39022ca58a32bee52c58573add6bf0
Size: 808KB
Sample: 231206-bexrtahf63
MD5: 10c7d7702e5b997809d2eacbc79d8681
SHA1: 66ec83398a378719289e2e3e39345689af14599c
SHA256: 7d9999594357716bf5765f4ef49713dbbe39022ca58a32bee52c58573add6bf0
SHA512: 7c68207d8bb4aa5c6e4ab4d6d5924b9f83e78e8a44cf11b0b2d8cd377ab461903bdc4b5b5d818237fde91f01317e680696df4eab2ad9e48c9c760754836c2f47
SSDEEP: 12288:k2GAczHQ4fzRpSNAZ+OTuUa8n+23S6KXuf1tdw64BIeC+YnEc5ZCNXwPH2gKzLNk:YzHQ2tpt+OB+IwE1t3nLte8HiBfj/3E
Static task: static1
Behavioral task: behavioral1
  Sample: Commerce registration-172301539 + Pro-Forma Invoice.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: Commerce registration-172301539 + Pro-Forma Invoice.exe
  Resource: win10v2004-20231127-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: mail.issltd.org
  Port: 587
  Username: [email protected]
  Password: iss123
  Email To: [email protected]
Extracted
  Protocol: smtp
  Host: mail.issltd.org
  Port: 587
  Username: [email protected]
  Password: iss123
Targets
Target: Commerce registration-172301539 + Pro-Forma Invoice.exe
Size: 857KB
MD5: 64baca6856ba84fe379eb4d720859edc
SHA1: a234caa5425fcbc4e783dd00722156e533bd6def
SHA256: ab3eb849490834407657e205832591cfa3c3504ed9373bf53396015d62b9e549
SHA512: 53449f2ed2e397adadb3a48d561c864734961c40392c2f8f3a8ed6c84afd6db8008fc633405a065cc07a51f8396015f7bb8b3b7c1c4cb8aecbbc1a588b5d53db
SSDEEP: 12288:DO5nF8pREGHTbSGWJ7Usocar3S6KMvbPt1w6+BIe4+YnKc5lCzXwPH2gYDMID:Km39s2LwMzPtNPLPe8H6MI
Score: 10/10
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext