General
Target: 8514d154a5f48e8e686db29b65929c510877b21e22431f9f4b30b902ed1f4764
Size: 426KB
Sample: 231209-ccxjpsffb4
MD5: d3b425f63632a27cf4242729fdeae97d
SHA1: bfaf7533a988214066e5a872bd8f17ccfc37cc00
SHA256: 8514d154a5f48e8e686db29b65929c510877b21e22431f9f4b30b902ed1f4764
SHA512: 25a14479047cf78f75679150c513017afbde5e8572f95917ce24fa05d54077f4838d48aa305353cd7abe95014dd5e6fcb33d78ac2f7928c684237d2a9cbb6c37
SSDEEP: 6144:eKYVlXxA4AWiyJLeY+Js0OdOb2KwLOFnv5Cr8bQmP2iwgHQv5jkX:BYVxxA4AWtcTUiFv5Q8bQ
Static task: static1
Behavioral task: behavioral1
  Sample: NEW_PO_00000024230_pdf.exe
  Resource: win7-20231201-en
Behavioral task: behavioral2
  Sample: NEW_PO_00000024230_pdf.exe
  Resource: win10v2004-20231127-en
Malware Config
Extracted
  Protocol: smtp
  Host: mail.jaazgroup.com
  Port: 587
  Username: [email protected]
  Password: cincin/123
Extracted: agenttesla
  Protocol: smtp
  Host: mail.jaazgroup.com
  Port: 587
  Username: [email protected]
  Password: cincin/123
  Email To: [email protected]
Targets
Target: NEW_PO_00000024230_pdf.exe
Size: 374KB
MD5: 99c48e1995ac17d9a080b9c52b71eb1a
SHA1: 03d6a2aff955f69c8f1dddb2a13ee978bbba1aa0
SHA256: c401c219b72dad04c802d28d9b78984702779fa1faadb9743ce2bfa1e703389b
SHA512: d6b88e37a6946d45b7ba8ae4ebc1b179a18d6bac9dbf7047197f272c1085364e87a09208ff5a999e9169ba7c9e35e5bd208c3206f276352fe26b9154fd144a54
SSDEEP: 6144:8KYVlXxA4AWiyJLeY+Js0OdOb2KwLOFnv5Cr8bQmP2iwgHQv5jkX:3YVxxA4AWtcTUiFv5Q8bQ
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Adds Run key to start application
Suspicious use of SetThreadContext