General
Target: SecuriteInfo.com.Trojan.Locsyz.2.2D0.720.16964.6395
Size: 822KB
Sample: 240328-mjhz1agc27
MD5: b1f42dab84b254f5595d45fd7282496f
SHA1: 71af03e51bbdded888dbb714c67c38809802a1c0
SHA256: d0dcfea187c2da840bfeba21de0b50952c97dc101065a93d94909e2975bfe558
SHA512: 70e855d62ec53c434306b2f2c63f988cef0c8ac2b7ba44ff0f88da26656f9c272e481aa4e6e42655bd23854b3e523418f8c4bd8f7d8375fe8588a24e90db8189
SSDEEP: 12288:ZfB+0YOwqOpd95DFtfxIX/kl1goC9yRqt42SfZqLxjAOLbz53bnO2Frs5r0U6+/H:yO7mTfxE/MlRp2SfZqLxUOLB3DO
Static task
- static1
Behavioral task
- behavioral1
  Sample: SecuriteInfo.com.Trojan.Locsyz.2.2D0.720.16964.exe
  Resource: win7-20240221-en
Behavioral task
- behavioral2
  Sample: SecuriteInfo.com.Trojan.Locsyz.2.2D0.720.16964.exe
  Resource: win10v2004-20240226-en
Malware Config
Extracted
agenttesla
- Protocol: smtp
- Host: mail.sintecno.gr
- Port: 587
- Username: info@sintecno.gr
- Password: k$&v8@,q0Pf#
- Email To: donj5425@gmail.com
Targets
Target: SecuriteInfo.com.Trojan.Locsyz.2.2D0.720.16964.6395
Size: 822KB
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext