General
Target: SecuriteInfo.com.Win32.PWSX-gen.21299.5155.exe
Size: 747KB
Sample: 240327-kbvygsgc75
MD5: 7e50b0328014e0c2f3ec7bc7ecec7d27
SHA1: ed2f7dca7d90b68b992f78ecb33ce80554610027
SHA256: c2a6bcd8a0594ef65687fad97e30f52c0a6995efd5739c1a431376de5ad2857a
SHA512: b00d7d38f0b80506a701859caea9c767fb1efe1ab595c85817019900389a5d36f225c82cf240fe5a1ba788b0a43cd4b5ee91882e6c60bc2c4d1a8f9d17ec49cd
SSDEEP: 12288:ok6ayww07LVL0JCXCNsol0jRhH7MfaQx64kuaizm/AlH3kjY+n1cE3:sajTpICCFslijFS/kUjVx
Static task: static1
Behavioral task: behavioral1
  Sample: SecuriteInfo.com.Win32.PWSX-gen.21299.5155.exe
  Resource: win7-20240319-en
Behavioral task: behavioral2
  Sample: SecuriteInfo.com.Win32.PWSX-gen.21299.5155.exe
  Resource: win10v2004-20240226-en
Malware Config
Extracted
  Protocol: smtp
  Host: mail.wecaresvc.com
  Port: 587
  Username: [email protected]
  Password: s2a8l4e9skao
Extracted
  Family: agenttesla
  Protocol: smtp
  Host: mail.wecaresvc.com
  Port: 587
  Username: [email protected]
  Password: s2a8l4e9skao
  Email To: [email protected]
Targets
Target: SecuriteInfo.com.Win32.PWSX-gen.21299.5155.exe
Score: 10/10
Signatures
AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext