General
Target: BANK INFORMATION.pdf_______________________________________________________________________________________________________.rar
Size: 609KB
Sample: 231206-rmlmhsde8w
MD5: f381329e0f36c9b6aecda0a8c8af7636
SHA1: 5d71bceece01208695811e6c1be75eb72048fdbc
SHA256: d2201584fe867ba31d5a7a4ec72c330f8a56b1485f09d750fdb88d3729b81090
SHA512: cd306d575d78f5e7fe4a0d277fd8036743537d8d30a1c652522ade955529ef97fa21b9d24314adbbc4b9c678364dc3ab143487e7de8dbde0acdb8041e92e1590
SSDEEP: 12288:0h7VOLUa0RfXIb8XYPhH7hu8t89twBsgsUtsBKUIkb64v26F:0DEb0J5IPlLt89s5jo9/9F
Static task: static1
Behavioral task: behavioral1
  Sample: BANK INFORMATION.pdf_______________________________________________________________________________________________________.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: BANK INFORMATION.pdf_______________________________________________________________________________________________________.exe
  Resource: win10v2004-20231201-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail5.planetc.net
Port: 587
Username: [email protected]
Password: 623434@esit
Email To: [email protected]
Targets
Target: BANK INFORMATION.pdf_______________________________________________________________________________________________________.exe
Size: 635KB
MD5: f81f4ddb8a6db73ce0ffd9aaac061132
SHA1: 5049fd3d9e81fdf6881c2d740f5704c29909ed97
SHA256: 073e8de8cf8abd3c8abda997a599d7fb40ddf5e9969ec3bebfdd5f4aa7ca32f0
SHA512: 52486c1b37d1404fb493d806bd533668bc694cfc46a581ea68cb61617f8303f05cd191405d3390e5d983809e7dfd22f7ae863ac7a50649b2c502f8b0ee2006d5
SSDEEP: 12288:HCjQaueH5qxF3SW2J2IsmqgJn8VRgpm9AVPUPjmiYs5JpOxKOaJwntZh5m:HCBqxFusmq1vWm9nLmiViV5
Score: 10/10
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext