General
- Target: 2decbf1b4dbf9a71422da3bd34f9c4bd1bf58ebaf39ef01d5451dac0be5e7d66
- Size: 432KB
- Sample: 231209-bke4ysdham
- MD5: cc5bdb056ffa030ba7cd4bf907a74af8
- SHA1: 14ba0b7ca68c16241852c1d7b8963037c80483eb
- SHA256: 2decbf1b4dbf9a71422da3bd34f9c4bd1bf58ebaf39ef01d5451dac0be5e7d66
- SHA512: e2655de9152775aceb2de2a1d715714e334e4b9b87c810942a54eaf5352516f1cb760ff205c16a9c858b8dbce12316c86cb157b28e1655e771f9b294e616f5a7
- SSDEEP: 6144:8x0VDXxQyrWwyJkeY+Js0OdOM2nY8U/MI6Cv1QBRc++dYB6ZZY32fX/pnneU5jk:g0VLxQyrWscT+8U/+
Static task: static1
Behavioral task: behavioral1
- Sample: Dokument Zamówienie 03062022_ZTO_2023_pdf .exe
- Resource: win7-20231201-en
Behavioral task: behavioral2
- Sample: Dokument Zamówienie 03062022_ZTO_2023_pdf .exe
- Resource: win10v2004-20231127-en
Malware Config
Extracted (agenttesla)
- Protocol: smtp
- Host: mailbuilderbuilder.com
- Port: 587
- Username: [email protected]
- Password: Alluminio.1
- Email To: [email protected]
Extracted
- Protocol: smtp
- Host: mailbuilderbuilder.com
- Port: 587
- Username: [email protected]
- Password: Alluminio.1
Targets
- Target: Dokument Zamówienie 03062022_ZTO_2023_pdf .exe
- Size: 372KB
- MD5: 83979988b7eee53f987fd8ed71d3147f
- SHA1: c6a47777fe3078408471497087c3df23b3c39997
- SHA256: ff35e95ff9ded617358d381b1a6ff7ad41b91a72ed823c827c756884a1c0c802
- SHA512: 9632623e414d1d6d0de0bd09c33f9d90036555a9c33d5cbbae6e83999200a00c804726be35f7043bd886b42b07ee3bddc1b686fb18d0356bad0028aab6d3bfa2
- SSDEEP: 6144:ax0VDXxQyrWwyJkeY+Js0OdOM2nY8U/MI6Cv1QBRc++dYB6ZZY32fX/pnneU5jk:y0VLxQyrWscT+8U/+
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext