General
Target: 20240328transaction-copy Pdf.exe
Size: 617KB
Sample: 240327-3g9ypsgg6s
MD5: a1cfc0e1471ab03ae805282abbb771ef
SHA1: 02401a46af1d3e062c483bbc12573652701b9081
SHA256: a84ee8232f5a37ae4a468c0e71f52869fdd445384c42556b1a5b15880522aafa
SHA512: 5fde35a22351b8a4adb2019ce865fe55d8337db9bcc0bbf63e06935f5ea07d57c1d3dca0674862409d63f81cd104272684567ef1b5cde54e2b2d17c1cc6b9ada
SSDEEP: 12288:r94XSqqHmms9jgqal8V2YsI+DItbJT6CDvSVG6CI6yo1VQagZ:r94XSqqHm1al84ZDItdnqGJI/o1VgZ

Static task: static1
Behavioral task: behavioral1 (sample 20240328transaction-copy Pdf.exe, resource win7-20240221-en)
Behavioral task: behavioral2 (sample 20240328transaction-copy Pdf.exe, resource win10v2004-20240226-en)
Malware Config
Extracted
Family: agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: [email protected]
Password: Sl!KOtF7
Email To: [email protected]
The mailbox addresses appear only in the obfuscated form shown above and cannot be recovered from this page; the host, port, password and the fact that the sender and recipient are attacker-controlled mailboxes are the usable indicators.
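A hunting helper built from the extracted SMTP config and the file hashes above. This is an added example and is not part of the sandbox report or of any vendor tooling: the host, port and hashes are the report's; the mail-client allowlist, the double-extension lure pattern and the Sysmon Event ID 3 style records it runs over are assumptions constructed for the example.

```python
"""Hunt for this AgentTesla sample's exfil traffic and lure filename.

Added example, not part of the sandbox report. C2_HOST, C2_PORT and
SAMPLE_HASHES come from the report; everything marked 'assumption' is
constructed for the example.
"""
import hashlib
import re

# Indicators taken from the report (extracted config and General section).
C2_HOST = "us2.smtp.mailhostbox.com"
C2_PORT = 587
SAMPLE_HASHES = {
    "md5": "a1cfc0e1471ab03ae805282abbb771ef",
    "sha1": "02401a46af1d3e062c483bbc12573652701b9081",
    "sha256": "a84ee8232f5a37ae4a468c0e71f52869fdd445384c42556b1a5b15880522aafa",
}

# Assumptions for the example: processes expected to use SMTP submission
# ports, and the '... Pdf.exe' double-extension pattern of the lure name.
SMTP_SUBMISSION_PORTS = {25, 465, 587}
MAIL_CLIENT_ALLOWLIST = {"outlook.exe", "thunderbird.exe"}
LURE_NAME = re.compile(r"(pdf|docx?|xlsx?)\.exe$", re.IGNORECASE)


def hash_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests of a blob, keyed like SAMPLE_HASHES."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_known_sample(data: bytes) -> bool:
    """True if any digest of `data` equals the report's hashes for the sample."""
    digests = hash_bytes(data)
    return any(digests[algo] == value for algo, value in SAMPLE_HASHES.items())


def triage_event(event: dict) -> list:
    """Return the reasons a Sysmon EID 3 style network event looks like this sample.

    An empty list means the event is not flagged.
    """
    reasons = []
    host = str(event.get("DestinationHostname", "")).lower()
    port = int(event.get("DestinationPort", 0))
    exe = str(event.get("Image", "")).rsplit("\\", 1)[-1].lower()

    # Exact match on the exfiltration relay and port from the extracted config.
    if host == C2_HOST and port == C2_PORT:
        reasons.append("connects to AgentTesla exfil host from the extracted config")
    # Broader rule: SMTP submission from anything that is not a known mail client.
    if port in SMTP_SUBMISSION_PORTS and exe not in MAIL_CLIENT_ALLOWLIST:
        reasons.append(f"SMTP submission (port {port}) from non-mail-client {exe}")
    # Double-extension lure filename like the report's '... Pdf.exe'.
    if LURE_NAME.search(exe):
        reasons.append(f"double-extension lure filename {exe}")
    return reasons


def hunt(events: list) -> dict:
    """Map event index -> reasons, for every flagged event."""
    flagged = {}
    for i, event in enumerate(events):
        reasons = triage_event(event)
        if reasons:
            flagged[i] = reasons
    return flagged


# Constructed Sysmon Event ID 3 (network connection) records for the example.
SAMPLE_EVENTS = [
    {"Image": r"C:\Users\victim\Downloads\20240328transaction-copy Pdf.exe",
     "DestinationHostname": "us2.smtp.mailhostbox.com", "DestinationPort": 587},
    {"Image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "DestinationHostname": "smtp.office365.com", "DestinationPort": 587},
    {"Image": r"C:\Users\victim\AppData\Local\Temp\update.exe",
     "DestinationHostname": "mail.example.net", "DestinationPort": 465},
]

if __name__ == "__main__":
    for idx, reasons in hunt(SAMPLE_EVENTS).items():
        print(idx, SAMPLE_EVENTS[idx]["Image"])
        for reason in reasons:
            print("   -", reason)
```

The exact host/port rule is precise for this sample but brittle: the relay is a shared mail-hosting SMTP service, so blocking the whole domain hits other customers, and the operator can re-point the config in the next build. The process-context rule (SMTP submission from a binary that is not a mail client) survives that retooling and is the one worth keeping as a standing detection.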
Targets
Target: 20240328transaction-copy Pdf.exe (617KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer; this sample exfiltrates over SMTP using the relay and credentials in the extracted config.
Adds Run key to start application
Persists by writing a value under a Run registry key so the binary is relaunched at logon.
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP (the service is not named in this report).
Suspicious use of SetThreadContext
Setting the thread context of another process is the typical final step of process hollowing, where the payload is written into a suspended legitimate process and execution is redirected to it; the report does not identify the host process.