General
-
Target
SecuriteInfo.com.Win32.PWSX-gen.29741.10451.exe
-
Size
704KB
-
Sample
231208-ttnrkabadl
-
MD5
a576153b3c74a904b1f8f45092615859
-
SHA1
7f6b01f1271c4138a4f8bf38e9543afc0cfca582
-
SHA256
e8434c616498087ebeaa23ca1b164dc1c4ba49579d759035b3e46c0c17bd3c75
-
SHA512
5502f1718cdacb8d21588c974955967fa56bdb1ed12e4618f3b159c1a3a514cc507a325bb67776b323c3e43c740c945111584fb9c1ada3a9a6ff39f2dffe8d69
-
SSDEEP
12288:WEjuxvGmhyeQsIVTTcagHHG5N4MAHKGiOgHos2VAiOji8wuQ5nH:dmQeQ1VTTh6MAZ4oscghwT5n
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Win32.PWSX-gen.29741.10451.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Win32.PWSX-gen.29741.10451.exe
Resource
win10v2004-20231130-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.amtechcards.com - Port:
587 - Username:
[email protected] - Password:
]i[a(tUWlmp% - Email To:
[email protected]
Targets
-
-
Target
SecuriteInfo.com.Win32.PWSX-gen.29741.10451.exe
-
Size
704KB
-
MD5
a576153b3c74a904b1f8f45092615859
-
SHA1
7f6b01f1271c4138a4f8bf38e9543afc0cfca582
-
SHA256
e8434c616498087ebeaa23ca1b164dc1c4ba49579d759035b3e46c0c17bd3c75
-
SHA512
5502f1718cdacb8d21588c974955967fa56bdb1ed12e4618f3b159c1a3a514cc507a325bb67776b323c3e43c740c945111584fb9c1ada3a9a6ff39f2dffe8d69
-
SSDEEP
12288:WEjuxvGmhyeQsIVTTcagHHG5N4MAHKGiOgHos2VAiOji8wuQ5nH:dmQeQ1VTTh6MAZ4oscghwT5n
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-