General
- Target: Shipping document.rar
- Size: 669KB
- Sample: 240328-k2zpcseg73
- MD5: beb5323f32ee560acd32dbfe08e6c49c
- SHA1: 0b2b8ceb56f04501aea22aa951907573b920dd6a
- SHA256: 9bb8410a3d44829099d4d57de031eedbca80932ab6f65c72a66daf8f802426f2
- SHA512: b920598145b35c912c641334923590c92ea4a3af13d15891679b4130e17f8ec9fd80de35b4bdd8c6a663640fe79da5f3837c7caa26c0b46c45d79e871de196c7
- SSDEEP: 12288:613gXIlnph/a+OYXmHKdXTFVEuuzJbIu+IIhJV0i9SxkN4P413/RK3u/ty9I:JXqph/a9oZVEZbOJV04SxkSP41U+1y9I
Static task
- static1
Behavioral task
- behavioral1
  - Sample: Shipping document.exe
  - Resource: win10v2004-20240226-en
Behavioral task
- behavioral2
  - Sample: Shipping document.exe
  - Resource: win11-20240319-en
Malware Config
Extracted
agenttesla
- Protocol: smtp
- Host: mail.satsllc.ae
- Port: 587
- Username: ahsan@satsllc.ae
- Password: Ahsan@12345
- Email To: benj50454@gmail.com
Targets
- Target: Shipping document.exe
- Size: 811KB
- MD5: 3e250c8f6da5865c870cf22248ba3ec1
- SHA1: 368a5d934287bfd7a17bcff191a5cc613dc4d2a6
- SHA256: 88f00d7856da4bc4cdeb97ac096da86e28a9340e494e669a634bce5e79f2b240
- SHA512: 44a78a4d623212cbd8e8e4dae311f62c9191caf07c8cfba2003e75f2344737afa24a98e0b7e29b2c0e1b57a8154a9391f6177e4113b5c8a8e714aee7c702f003
- SSDEEP: 12288:JHH3IApRsBvcuDAxYOw65SLgpltAzg1VxSr5gLsPEOdIMSI89qvEpOvV:JnDpRsxR6FliMx854qXNSI85
Score: 10/10
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext