General
- Target: df9f1737e1fd7d6d0794994ddbc7350be441b6d012ce43d35c795b8eb88dd30dz.rar
- Size: 607KB
- Sample: 231207-ybkdmsgc3w
- MD5: a27fee426caab391cc5c234ad3c05337
- SHA1: 291145b01a2284963ed53cdd4fb735879a7b5455
- SHA256: df9f1737e1fd7d6d0794994ddbc7350be441b6d012ce43d35c795b8eb88dd30d
- SHA512: e3729ce14856f10a398af3930d6c59e1caf7ea1c5deca2cc68c829026ffc164d632e66cd4d471c8ee008d7b87099d24c1d97006ce7c012278ec5b2af39f31e77
- SSDEEP: 12288:5WXxmr7O4IcUStXJKv74JSuLdOsZePmITYpe7ea7KAoRPTb/u6:mcuI1SGdVZePmOYpeZKXdv5
Static task: static1
Behavioral task: behavioral1
- Sample: Payment Advice - Advice Ref.exe
- Resource: win7-20231023-en
Behavioral task: behavioral2
- Sample: Payment Advice - Advice Ref.exe
- Resource: win10v2004-20231201-en
Malware Config
Extracted (agenttesla)
- Protocol: smtp
- Host: mail.abi0expertise.com
- Port: 587
- Username: [email protected]
- Password: Najwa1949!
- Email To: [email protected]
Extracted
- Protocol: smtp
- Host: mail.abi0expertise.com
- Port: 587
- Username: [email protected]
- Password: Najwa1949!
Targets
- Target: Payment Advice - Advice Ref.exe
- Size: 638KB
- MD5: a660077cbfed754a0dcca39d62394482
- SHA1: 730639e3be1f23c2fc91146ea2b9255b512f64ba
- SHA256: 810400151abc3b4720611355416884e908ea3bf489c5b3a70866a0b012afb04b
- SHA512: d06238133bad029eef2106ad614593cc1276b4eefd1ff01fcbf90273f1d99788261a046b6cd788b6e1559164a8af40289da059cd5820b5d99bd3173b2891cf36
- SSDEEP: 12288:SLrQaueH5qMEgpD6ZoYrOrkMw9Un2Xz53yoZAxtEJ/+d5cxdi2RnEzATUs99Cu6m:SLpqMtDQCkf9HG3c9REEQg9A05
- Score: 10/10
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Suspicious use of SetThreadContext