General
- Target: f188d525437f53c68b42460687fa4596eacaec3d42b90959561cda68074614c1
- Size: 748KB
- Sample: 231206-bpcvdshg58
- MD5: 8eddc22cb16bace3e27d3e66d9cdee41
- SHA1: 5c7aa97f21103710a79773bbdfd4da6962584205
- SHA256: f188d525437f53c68b42460687fa4596eacaec3d42b90959561cda68074614c1
- SHA512: 09cc99f9f6ec4bcabecf6e476b9f2dbda0f1fdcf29296af67c3db7430989ae06c260c6148b527e6643293189f8b8501a96175db7502a45342448bf9f0cfe23b8
- SSDEEP: 12288:E6zhrgD/oKdVUifM2f2076Jp79USGFEdVmu1Pw+vnd8kmsJQkC/6PhsNdLWk2bWl:Kb3M2fR6X790FsVmu14/tsJQky6PC2bs
Static task: static1
Behavioral task: behavioral1
- Sample: Purchase Order 6189.exe
- Resource: win7-20231129-en
Behavioral task: behavioral2
- Sample: Purchase Order 6189.exe
- Resource: win10v2004-20231130-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.elec-qatar.com
- Port: 587
- Username: [email protected]
- Password: MHabrar2019@#
- Email To: [email protected]
Targets
- Target: Purchase Order 6189.exe
- Size: 796KB
- MD5: 33c622017f60418a896746a0b9697e1e
- SHA1: 6da480faadd0556c2bccfffe6a193db2f75ef3cc
- SHA256: d7a79d5396019c96512f067c11dd9bfeb14fc15c666d3f6994ca46ecb8ec9fa7
- SHA512: c75714578fb5597a0adfc3845ebfe92d71015f4a00c883b7d5479930082054f30132a28c5dcf8466d75cceac4ef4d6dedecaa63e506d171de15d2808d5dcefaf
- SSDEEP: 12288:iB5nF8pREGHTbL0RS7BzB46USGD7N1Zw+LnZ8kWsJQMCJSPhsrdLgk2bWjq07:6m+S91460D7N1aTHsJQMqSPA2bWu
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings: Looks up the country code configured in the registry, likely as a geofence.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP address.
- Suspicious use of SetThreadContext