General
-
Target
238d9e9b6416b65d729dacf0a65d408182d2b158a9fdaade2f1ea8316a1078d9
-
Size
1.2MB
-
Sample
240328-bj1dhaab35
-
MD5
f3706d2e0eeb05d52f3a7dbf07099575
-
SHA1
611878de05446ae35a3c4ef6605e6cc6f47f7e03
-
SHA256
238d9e9b6416b65d729dacf0a65d408182d2b158a9fdaade2f1ea8316a1078d9
-
SHA512
ccc6651a4b037e8bb192369df24d4d294a2f33514c445bcf7d478b4dbea2bfd24166abe36dac0352d7458d5e7ed7eb06e1a315440986d3accc2a0bfb26a47d57
-
SSDEEP
3072:i7LP9R7YyEyEAxFAAa37c8eX8Y2y/429sqhKp6ua5u1iCZyNRZU8cLnd:oR7YpAxjWc8eX9/42NhEa50ezcLnd
Static task
static1
Behavioral task
behavioral1
Sample
Maksajuma Kopija_ Swedbank_Pdf.bat
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
Maksajuma Kopija_ Swedbank_Pdf.bat
Resource
win10v2004-20240226-en
Malware Config
Extracted
Protocol: smtp
Host: mail.aist.lv
Port: 587
Username: [email protected]
Password: WoodIsaev88
Extracted
agenttesla
Protocol: smtp
Host: mail.aist.lv
Port: 587
Username: [email protected]
Password: WoodIsaev88
Email To: [email protected]
Targets
-
-
Target
Maksajuma Kopija_ Swedbank_Pdf.bat
-
Size
191KB
-
MD5
235301817498be96c6d65a417cc443c7
-
SHA1
7521769e3b245c2569fb1fa712762fcbdfdf604d
-
SHA256
51f353ec3f19b4fc3acc056ae3dc07247e7b3a212c68149cdb08c7d0c62b4d2d
-
SHA512
94fb845b5fd5ef8d34ed1c8e49ec3670da6ff9bf316bf445745081a62696ccc713d1fa1ae4c325f3647103bc4adf892e5f2fd4eda64075e6dd2ed2d6a2b2ff81
-
SSDEEP
3072:MLP9R7YyEyEAxFAAa37c8eX8Y2y/429sqhKp6ua5u1iCZyNRZU8cLndj:MR7YpAxjWc8eX9/42NhEa50ezcLndj
Score 10/10
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-