General

Target: PRODUCTS LIST.pdf.exe
Size: 725KB
Sample: 240327-m3efxsaf44
MD5: 3afc031f6c1a6ec6d4d075351c16529b
SHA1: 25b3288e34d9b6473572d2f4264c27546700faa6
SHA256: 9c49bbe71a875101949fd0ddf980825c8ac09d566c9e55c2ac94caf8052f5e2e
SHA512: 102c95629b14ba98256f56d14a6418a5f0bb79b562d129b948fdafd1b0d29ade909c1cdc5d0854460ba6ccf240e3be763d9b038cdd735a7c28cb5213be1b7556
SSDEEP: 12288:U4CMwY4XU5F5gIKxGA87K5BV5lwKSj6bthuaLlsXaeyXYAlRzFIhuaOaT1upA7kR:li0Fm4IBV5vtUa+bLAlR5IhV1i
Static task
static1

Behavioral task
behavioral1
Sample: PRODUCTS LIST.pdf.exe
Resource: win7-20240221-en

Behavioral task
behavioral2
Sample: PRODUCTS LIST.pdf.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted

agenttesla
Protocol: smtp
Host: mail.animetals.com.my
Port: 587
Username: [email protected]
Password: 8VHMY#KF%kpF
Email To: [email protected]
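The extracted config above is only useful once it is turned into something an analyst can act on: a network indicator for the SMTP exfiltration channel, a filename rule for the double-extension lure, and a way to confirm a file on disk is the same sample the report hashed. The script below is an added example written for this page; it is not Triage's code or part of the sandbox output. The config text and report hashes are copied from the report (the two mailbox addresses are redacted on the page as "[email protected]" and are kept that way), the function names and the list of lure extensions are this example's own choices, and the bytes fed to the hash check at the end are a constructed stand-in, not the real sample.

```python
import hashlib
import re

# Config block as it appears in the report above (the two mailbox addresses
# are redacted on the page, so they stay as "[email protected]").
EXTRACTED_CONFIG = """\
Protocol: smtp
Host: mail.animetals.com.my
Port: 587
Username: [email protected]
Password: 8VHMY#KF%kpF
Email To: [email protected]
"""

# Hashes the report lists for PRODUCTS LIST.pdf.exe.
REPORT_HASHES = {
    "md5": "3afc031f6c1a6ec6d4d075351c16529b",
    "sha1": "25b3288e34d9b6473572d2f4264c27546700faa6",
    "sha256": "9c49bbe71a875101949fd0ddf980825c8ac09d566c9e55c2ac94caf8052f5e2e",
}

# A document-style extension immediately followed by an executable one,
# e.g. ".pdf.exe" (the extension list is this example's assumption).
LURE_NAME = re.compile(
    r"\.(pdf|docx?|xlsx?|pptx?|txt|jpe?g|png)\.(exe|scr|com|pif|bat|cmd)$",
    re.IGNORECASE,
)


def parse_agenttesla_config(text: str) -> dict:
    """Turn the 'Key: value' lines of an extracted config into a dict
    with snake_case keys ('Email To' -> 'email_to')."""
    cfg = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, value = line.split(":", 1)
        cfg[key.strip().lower().replace(" ", "_")] = value.strip()
    return cfg


def exfil_indicators(cfg: dict) -> dict:
    """Derive the network indicators an egress filter or NIDS can act on.
    For SMTP exfiltration the observable is a workstation (not a mail
    server) opening an outbound connection to the configured host:port."""
    proto = cfg.get("protocol", "").lower()
    if proto != "smtp":
        raise ValueError(f"unsupported exfil protocol: {proto!r}")
    port = int(cfg["port"])
    return {
        "proto": "tcp",
        "app": "smtp",
        "dst_host": cfg["host"],
        "dst_port": port,
        # 587 is the mail submission port; expect STARTTLS, so the
        # credentials are visible on the wire only before the upgrade.
        "starttls_expected": port == 587,
        # The mailbox password is in the binary: treat it as burned.
        "credential_reset_needed": bool(cfg.get("username")),
    }


def is_lure_filename(name: str) -> bool:
    """True for double-extension lures such as 'PRODUCTS LIST.pdf.exe'."""
    return LURE_NAME.search(name) is not None


def hash_sample(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256 of a file's bytes as lowercase hex,
    keyed the same way as REPORT_HASHES."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_report(data: bytes, expected: dict = REPORT_HASHES) -> bool:
    """Compare every hash the report lists; one mismatch means a different file."""
    actual = hash_sample(data)
    return all(actual[k] == v.lower() for k, v in expected.items())


if __name__ == "__main__":
    cfg = parse_agenttesla_config(EXTRACTED_CONFIG)
    print(exfil_indicators(cfg))
    print(is_lure_filename("PRODUCTS LIST.pdf.exe"))
    # Constructed stand-in bytes, so this prints False; pass the real
    # file's bytes to confirm you are looking at the reported sample.
    print(matches_report(b"MZ\x90\x00"))
```

Run it as-is to see the derived indicators; to verify a file you hold, read its bytes and pass them to `matches_report`. The mailbox credential in the config is effectively public once the sample is analysed, so the operational step is to block the host:port pair at the egress and report the abused account, not to reuse the credential.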
Targets

Target: PRODUCTS LIST.pdf.exe
Size: 725KB
Score: 10/10

AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer that harvests saved credentials and keystrokes; this sample exfiltrates over SMTP to mail.animetals.com.my:587 using the credentials in the extracted config above.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext
Calling SetThreadContext on a thread of another process is the final step of process hollowing (RunPE): the payload is mapped over a suspended host process and the thread's entry point is redirected to it before the thread is resumed.