General
- Target: SRF Industries (Thailand) Ltd.pdf.exe
- Size: 40KB
- Sample: 240223-nmmb9sfc9s
- MD5: 26c95e5acba77d7fd14d109c94f75cca
- SHA1: 56359d96cd63d66b51eb49acd46d8df25f170c30
- SHA256: 32272f676a500007b4321f7c076ec3169305615e230dad3d89c63e0cfd24c1c6
- SHA512: 6b2bd0a6240a13b641d005dc34cd364fd5eb2bb861d49d33bf826766ea0daf4a264f1182905363720b6a8bfad03d97386e965863578e57cf2cf5403d1309363a
- SSDEEP: 768:1pc7ngE+7L+Phy83dWrz7lwHZjl7GdoUNIBBv5r:1Aj+7100rz7lwHj7QSBvJ
Static task: static1
Behavioral task: behavioral1
- Sample: SRF Industries (Thailand) Ltd.pdf.exe
- Resource: win7-20240221-en
Malware Config
Extracted
- Family: agenttesla
- Protocol: smtp
- Host: mail.supplyvan.xyz
- Port: 587
- Username: [email protected]
- Password: Ifeanyi1987@
- Email To: [email protected]
Extracted
- Protocol: smtp
- Host: mail.supplyvan.xyz
- Port: 587
- Username: [email protected]
- Password: Ifeanyi1987@
Targets
- Target: SRF Industries (Thailand) Ltd.pdf.exe
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Contacts a large number (4576) of remote hosts: this may indicate a network scan to discover remotely running services.
- Creates a large number of network flows: this may indicate a network scan to discover remotely running services.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext