General
- Target: SecuriteInfo.com.Win32.PWSX-gen.27494.29811.exe
- Size: 620KB
- Sample: 231212-mchewscgc2
- MD5: c8a831d4afc814f694d4ba49ed77dcc0
- SHA1: 68482ad646f684d2741886a76c3f719e9d42f481
- SHA256: 02dde64610d19f1d51a35f304691885db239dd187e2650d0071d26b3cf105240
- SHA512: 42cd0e1bde887c247dc8f3fced0964503f6c9bf38ed07535d568a8ddb1c047686c216420e91f630710bab827ef60863673aba6da2183945e51bdd09c183904bf
- SSDEEP: 12288:G3IU8S6eUdD6f4/3YRp36WYuwI8UsfmZCrldFcG4q4gcn:8ItSAdeTRVY7ks+mldFc+4g
Static task
- static1
Behavioral task
- behavioral1
- Sample: SecuriteInfo.com.Win32.PWSX-gen.27494.29811.exe
- Resource: win7-20231023-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.elec-qatar.com
- Port: 587
- Username: [email protected]
- Password: MHabrar2019@#
- Email To: [email protected]
Extracted (same SMTP configuration, without the Email To field)
- Protocol: smtp
- Host: mail.elec-qatar.com
- Port: 587
- Username: [email protected]
- Password: MHabrar2019@#
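The extracted configuration is the actionable part of this report: hard-coded SMTP submission credentials and an exfiltration recipient. The Python below is added here as an example; it is not part of the sandbox report or of any tool the report comes from. It parses the config block in the run-together form the report prints ("Protocol: smtp- Host: ..."), reduces it to network indicators (the password is dropped on purpose so it never lands in rule files), matches those indicators against constructed key=value log lines (not a real product's format), and emits a Suricata 5+ DNS rule for the host lookup. The relay allowlist, the log lines and the rule sid are assumptions; the e-mail addresses are kept exactly as the report redacts them ("[email protected]").

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Set

# Extracted-config block copied from the report, in the run-together form the
# sandbox prints: the next key is glued to the previous value with " - " and
# line breaks fall in arbitrary places.
REPORT_CONFIG = """Protocol: smtp- Host:
mail.elec-qatar.com - Port:
587 - Username:
[email protected] - Password:
MHabrar2019@# - Email To:
[email protected]"""

# Constructed log lines in a generic key=value shape (not a real product's
# format): a DNS query for the exfil mail host, a direct port-587 connection
# from a workstation, a legitimate port-587 connection from the corporate
# relay, and unrelated noise.
SAMPLE_LOGS = [
    "2023-12-12T10:01:03Z type=dns src=10.0.0.15 query=mail.elec-qatar.com",
    "2023-12-12T10:01:04Z type=conn src=10.0.0.15 dst=203.0.113.7 dport=587",
    "2023-12-12T10:02:11Z type=conn src=10.0.0.25 dst=198.51.100.9 dport=587",
    "2023-12-12T10:03:40Z type=dns src=10.0.0.15 query=www.example.com",
    "2023-12-12T10:04:02Z type=conn src=10.0.0.15 dst=93.184.216.34 dport=443",
]

# Hosts allowed to speak SMTP submission (port 587) outbound; assumed here.
MAIL_RELAYS: Set[str] = {"10.0.0.25"}


@dataclass(frozen=True)
class SmtpExfilConfig:
    host: str
    port: int
    username: str
    email_to: str


def parse_config(text: str) -> Dict[str, str]:
    """Parse the report's 'Key: value - Key: value' text into a dict.

    Whitespace (including newlines) is normalised first, then the text is
    split wherever a dash plus whitespace is followed by a capitalised key
    and a colon. Dashes inside values (mail.elec-qatar.com) are not followed
    by whitespace, so they survive; a password containing ' - Word:' would be
    mis-split, but the report has no such value.
    """
    flat = " ".join(text.split())
    fields = re.split(r"\s*-\s+(?=[A-Z][A-Za-z ]*:)", flat)
    out: Dict[str, str] = {}
    for field in fields:
        key, _, value = field.partition(":")
        out[key.strip().lower().replace(" ", "_")] = value.strip()
    return out


def to_indicators(cfg: Dict[str, str]) -> SmtpExfilConfig:
    """Keep only the fields useful for network detection; the password is
    deliberately dropped so it does not end up in rules or SIEM content."""
    if cfg.get("protocol", "").lower() != "smtp":
        raise ValueError(f"expected an SMTP config, got {cfg.get('protocol')!r}")
    return SmtpExfilConfig(
        host=cfg["host"].lower(),
        port=int(cfg["port"]),
        username=cfg["username"],
        email_to=cfg.get("email_to", ""),
    )


def _kv(line: str) -> Dict[str, str]:
    """Split one constructed 'ts k=v k=v' log line into a dict (timestamp dropped)."""
    return dict(tok.split("=", 1) for tok in line.split()[1:])


def match_logs(ind: SmtpExfilConfig, lines: List[str],
               relays: Set[str] = MAIL_RELAYS) -> List[str]:
    """Return one alert string per matching log line.

    Two checks: a DNS query for the exfiltration mail host (host-specific,
    high confidence) and a connection to the submission port from any host
    that is not a sanctioned relay (broader; also catches the same family
    pointed at a different mailbox)."""
    alerts: List[str] = []
    for line in lines:
        rec = _kv(line)
        if rec.get("type") == "dns" and rec.get("query", "").lower() == ind.host:
            alerts.append(f"{rec['src']} resolved exfil host {ind.host}")
        elif (rec.get("type") == "conn" and rec.get("dport") == str(ind.port)
              and rec.get("src") not in relays):
            alerts.append(f"{rec['src']} -> {rec['dst']}:{ind.port} "
                          "SMTP submission from non-relay host")
    return alerts


def suricata_dns_rule(ind: SmtpExfilConfig, sid: int = 1000001) -> str:
    """Suricata 5+ rule for the DNS lookup; the sid is a local placeholder."""
    return (f'alert dns $HOME_NET any -> any any (msg:"AgentTesla SMTP exfil '
            f'host lookup ({ind.host})"; dns.query; content:"{ind.host}"; '
            f'nocase; classtype:trojan-activity; sid:{sid}; rev:1;)')


if __name__ == "__main__":
    indicators = to_indicators(parse_config(REPORT_CONFIG))
    print(indicators)
    for alert in match_logs(indicators, SAMPLE_LOGS):
        print("ALERT:", alert)
    print(suricata_dns_rule(indicators))
```

Run directly, the constructed logs produce two alerts: the lookup of mail.elec-qatar.com and the port-587 connection from the non-relay host; the relay's own submission traffic is suppressed. The connection check is deliberately broader than the host match, at the cost of needing an accurate relay allowlist. The credentials themselves point at a mailbox on a third-party domain that may well be a compromised legitimate account; they belong in an abuse report to that domain's operator, not in detection content, and should not be used to log in.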
Targets
- Target: SecuriteInfo.com.Win32.PWSX-gen.27494.29811.exe
- Size: 620KB
- MD5: c8a831d4afc814f694d4ba49ed77dcc0
- SHA1: 68482ad646f684d2741886a76c3f719e9d42f481
- SHA256: 02dde64610d19f1d51a35f304691885db239dd187e2650d0071d26b3cf105240
- SHA512: 42cd0e1bde887c247dc8f3fced0964503f6c9bf38ed07535d568a8ddb1c047686c216420e91f630710bab827ef60863673aba6da2183945e51bdd09c183904bf
- SSDEEP: 12288:G3IU8S6eUdD6f4/3YRp36WYuwI8UsfmZCrldFcG4q4gcn:8ItSAdeTRVY7ks+mldFc+4g
- AgentTesla: Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, originally written in Visual Basic .NET; this sample exfiltrates over SMTP using the credentials shown under Malware Config.
- Detect ZGRat V1
- Checks computer location settings: reads the country code configured in the registry, likely as a geofence check.
- Suspicious use of SetThreadContext: a common step in process injection (for example process hollowing), where a suspended thread's instruction pointer is redirected to injected code.