General
- Target: SecuriteInfo.com.Win32.PWSX-gen.5345.12149.exe
- Size: 663KB
- Sample: 231212-mchewscgb9
- MD5: d0443f3c5cb3943f18763fa71cb29012
- SHA1: c12f03b346efcb38d264f5d6a93a8717dfd991a6
- SHA256: 28f355f50396aa239cfac12652aa588c810f025bb4f40e220810bc7b737466ff
- SHA512: b22637b08c2c88723744fd9db61103f6549f76aac19152b292d04ffbe8cb7db8f71e9624bacb56258b70db58af002c43d89455070d959a23dfe65270a352afd2
- SSDEEP: 12288:DrS+4WpAEgy+DnFoNYSfBQU9Uyk+yDNQQL85r5kxN8iyV2Yd+:npAELYSOUuykFK5r5KhyA
Static task
- static1
Behavioral task
- behavioral1
  - Sample: SecuriteInfo.com.Win32.PWSX-gen.5345.12149.exe
  - Resource: win7-20231020-en
Behavioral task
- behavioral2
  - Sample: SecuriteInfo.com.Win32.PWSX-gen.5345.12149.exe
  - Resource: win10v2004-20231130-en
Malware Config
Extracted
- Family: agenttesla
- Protocol: smtp
- Host: us2.smtp.mailhostbox.com
- Port: 587
- Username: [email protected]
- Password: nne dimma080
- Email To: [email protected]
Targets
- Target: SecuriteInfo.com.Win32.PWSX-gen.5345.12149.exe (663KB; hashes as listed under General)
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Detect ZGRat V1
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Adds Run key to start application
- Suspicious use of SetThreadContext