General
-
Target
INVOICE.exe
-
Size
811KB
-
Sample
240122-rey8msgdfp
-
MD5
67264514f7afbb2ec180dc94a14194a8
-
SHA1
7403167385888d938913e75200e4dca9efa56b42
-
SHA256
8b44d22c62f8f7f749ed63a3ae1ea5068bdac5db4fbccec5635f47a6fd27dbde
-
SHA512
481dc1cab7874146ea96300e21254699bbe50bce6dea0a91485611933b35951053d9a4bf6c2deb6a3822e6b503220b75675e54b3e0cd78ea9193b60efd90cb5e
-
SSDEEP
12288:Y0TauHvXli04sxePpo+tpSE9wK5OcldJlN2JhGH7S4NNyu:fT/vXrD4po+tsE4s3lNkGb
Static task
static1
Behavioral task
behavioral1
Sample
INVOICE.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
INVOICE.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.southerngroup.co - Port:
587 - Username:
[email protected] - Password:
sougrp@2020# - Email To:
[email protected]
Extracted
Protocol: smtp- Host:
mail.southerngroup.co - Port:
587 - Username:
[email protected] - Password:
sougrp@2020#
Targets
-
-
Target
INVOICE.exe
-
Size
811KB
-
MD5
67264514f7afbb2ec180dc94a14194a8
-
SHA1
7403167385888d938913e75200e4dca9efa56b42
-
SHA256
8b44d22c62f8f7f749ed63a3ae1ea5068bdac5db4fbccec5635f47a6fd27dbde
-
SHA512
481dc1cab7874146ea96300e21254699bbe50bce6dea0a91485611933b35951053d9a4bf6c2deb6a3822e6b503220b75675e54b3e0cd78ea9193b60efd90cb5e
-
SSDEEP
12288:Y0TauHvXli04sxePpo+tpSE9wK5OcldJlN2JhGH7S4NNyu:fT/vXrD4po+tsE4s3lNkGb
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-