General
- Target: PO#202312.zip
- Size: 630KB
- Sample: 231212-xbr8taaacn
- MD5: 81079114169c3dc1157888168cd88c82
- SHA1: 2b83664fa2af21b27d6e547200c774e33bfeda89
- SHA256: 79c876d02fe3cbb401a8862883da6c028ab59ddab08d442f81ed1c1ac735ad57
- SHA512: 296971840ccd983eaff0e20e0afd8898e5814de5c96f09ba4b037af5adffef7a63da9e52fe81489ce9fb24a7055db4d9413c617e068b32fab73b4328f73da84d
- SSDEEP: 12288:QGC8+be6/3YOxozSso6nYMfbW39WWN3gDWH/tIfUWi2ZNRT5xaduCWz0p:VCHq/Ox8o6npzpEgDE/tIfU8nMduCEW
Static task
- static1

Behavioral task
- behavioral1
- Sample: PO#202312.exe
- Resource: win7-20231020-en
Malware Config
Extracted
- Family: agenttesla
- Protocol: smtp
- Host: mail.2sautomobile.com
- Port: 587
- Username: [email protected]
- Password: Kenzi051008
- Email To: [email protected]

Extracted
- Protocol: smtp
- Host: mail.2sautomobile.com
- Port: 587
- Username: [email protected]
- Password: Kenzi051008
Targets
- Target: PO#202312.exe
- Size: 662KB
- MD5: 3cfb07a2465657d8928e675dedcd9978
- SHA1: c5bd7e1f89fde69af56a8305e5fac685557da92e
- SHA256: b5373781057e3cc3a3e2064f57942adc17f2a3905de6c1037332dfaede7a9cba
- SHA512: 77c6687b8c635e90b8c19c914d5873ee40a8105448dc96480a2a1c1fb7abcb201ad4cd0a0ae9768a696743a29b1e6d25aeed62dcc93d5d60fee858781326c88a
- SSDEEP: 12288:huGo+4WpAE9y7Rxkz2Uo6hYMRbG7TyQ8WyDv3WDWHUIpUsimxVR5dx6D78cPLC+:ppAEIxyo6hplGUWyrWDEUIpUOTKD
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Detect ZGRat V1
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Suspicious use of SetThreadContext