General
-
Target
attached final docs.rar
-
Size
633KB
-
Sample
231212-s1bvxahbb7
-
MD5
53556327aca5dec09544cad66f0d7d54
-
SHA1
2b9105c2dd64b6c369ed3c5751d66c19260abba2
-
SHA256
76be6cb7d75b3f78abc8074f0885d4efd99059997a285a33a9ea359183be8a68
-
SHA512
2cd8a410c8edd6eaa9a4d7dc0541999ecfae59c621ddda795f24068e9bbf94d468eb9cbbfd440cc2c376ec387bb9e1efc875b5cf6b9cde23f1b913b630b249af
-
SSDEEP
12288:V/8Lf4eaYMArw68mPWHCvivnsf/uFOSqpUbue8zUGWIISH2:VGf4eaYviwikfqScukC2
Static task
static1
Behavioral task
behavioral1
Sample
attached final docs.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
attached final docs.exe
Resource
win10v2004-20231127-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.precise.co.in - Port:
587 - Username:
[email protected] - Password:
Singh@2022$ - Email To:
[email protected]
Targets
-
-
Target
attached final docs.exe
-
Size
672KB
-
MD5
05bdbf0f45e344ba71847553e4900da0
-
SHA1
108de8169c3e3affadabb29a3da9d953efb79c87
-
SHA256
7f382cc5928a8adf09033a4412af83f103fe25384f7fb39343344432fc71f8c1
-
SHA512
922c275dd6ae6ed21a0a9789343d1848b739ff0dc5d4f0db4f8722b3b5804e0f9061d4ad1a22a7aef83044ed9fa9adbae33014b2df743fa52f364f9f57bd0198
-
SSDEEP
12288:2S3IU8S6eUd+qKo5v8XCQNhtFJXuxgOwZ0GPkqxEvYnfgAJ7pArHaBtUzefE:2IItSAd+qKo96vNxZMeA0tHE
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Detect ZGRat V1
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-