General
-
Target
15f0ddc88c6582b454002e768cc8c8a9b59995276b86aa7d75ef6a17af2fda8ccab.cab
-
Size
608KB
-
Sample
231207-yglhwsfb29
-
MD5
ebcf12f80da30c7a077d1740dfdd5bd0
-
SHA1
79ce29609ca633f7ab3fd9cecf147a8ba58ba6a8
-
SHA256
15f0ddc88c6582b454002e768cc8c8a9b59995276b86aa7d75ef6a17af2fda8c
-
SHA512
5b4f111f9e2d241b9460269662b41130305ac597af2863127de4fe5c05533e4c34155f089a60013efced6be492bf23067f1d5f37043926cb4b3f7cdf9b7a252a
-
SSDEEP
12288:c6s8jX2yBOpMwZt+Oik9nwhBEm4pZ5fzJfO4mtRk3gFSAA:pLrgy8XtwhBH8Z5924mtRk3gIT
Static task
static1
Behavioral task
behavioral1
Sample
INVOICE & AWB #5291760_pdf.exe
Resource
win7-20231201-en
Behavioral task
behavioral2
Sample
INVOICE & AWB #5291760_pdf.exe
Resource
win10v2004-20231130-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.dcc-asia.com - Port:
587 - Username:
[email protected] - Password:
soso@#1235 - Email To:
[email protected]
Extracted
Protocol: smtp- Host:
smtp.dcc-asia.com - Port:
587 - Username:
[email protected] - Password:
soso@#1235
Targets
-
-
Target
INVOICE & AWB #5291760_pdf.exe
-
Size
639KB
-
MD5
c60068fde058f588a2b7fe236cfbc0e9
-
SHA1
d5b3d029b3645a1f2cbf14ec1d134276e47d60e2
-
SHA256
a75840200db6ba9313053ab15551f6c758d78ac9ffbe75ede0f36e744eaed24b
-
SHA512
146f766575aa3f81a4d90247871e17cd99bb572720f1a5b72a0ace9140476556d321e82526176bc831eefd029253c5fa627eb7ba78bbd73e2c080447fa2249c0
-
SSDEEP
12288:CE5QaueH5qjR82KUIdsNQ3GZDlOPk9JiPB7a4pZ5fBJfOUmtakjg7s:CE3qjWsI6wKo44PBu8Z5L2Umtaks
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-