General
-
Target
rJASBillOfLading-TPE36494384_PDF.exe
-
Size
372KB
-
Sample
231208-ql9saaff9z
-
MD5
83979988b7eee53f987fd8ed71d3147f
-
SHA1
c6a47777fe3078408471497087c3df23b3c39997
-
SHA256
ff35e95ff9ded617358d381b1a6ff7ad41b91a72ed823c827c756884a1c0c802
-
SHA512
9632623e414d1d6d0de0bd09c33f9d90036555a9c33d5cbbae6e83999200a00c804726be35f7043bd886b42b07ee3bddc1b686fb18d0356bad0028aab6d3bfa2
-
SSDEEP
6144:ax0VDXxQyrWwyJkeY+Js0OdOM2nY8U/MI6Cv1QBRc++dYB6ZZY32fX/pnneU5jk:y0VLxQyrWscT+8U/+
Static task
static1
Behavioral task
behavioral1
Sample
rJASBillOfLading-TPE36494384_PDF.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
rJASBillOfLading-TPE36494384_PDF.exe
Resource
win10v2004-20231127-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mailbuilderbuilder.com - Port:
587 - Username:
[email protected] - Password:
Alluminio.1 - Email To:
[email protected]
Extracted
Protocol: smtp- Host:
mailbuilderbuilder.com - Port:
587 - Username:
[email protected] - Password:
Alluminio.1
Targets
-
-
Target
rJASBillOfLading-TPE36494384_PDF.exe
-
Size
372KB
-
MD5
83979988b7eee53f987fd8ed71d3147f
-
SHA1
c6a47777fe3078408471497087c3df23b3c39997
-
SHA256
ff35e95ff9ded617358d381b1a6ff7ad41b91a72ed823c827c756884a1c0c802
-
SHA512
9632623e414d1d6d0de0bd09c33f9d90036555a9c33d5cbbae6e83999200a00c804726be35f7043bd886b42b07ee3bddc1b686fb18d0356bad0028aab6d3bfa2
-
SSDEEP
6144:ax0VDXxQyrWwyJkeY+Js0OdOM2nY8U/MI6Cv1QBRc++dYB6ZZY32fX/pnneU5jk:y0VLxQyrWscT+8U/+
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-