General
Target: Quotation.pdf.z
Size: 618KB
Sample: 240329-t447asce51
MD5: e53e3a95646d8e2654bebdee6b687b9e
SHA1: fde5156a8f7ff273bd1353a1b9f4e21c2418de87
SHA256: 78f522862bc39091d29d9091f6efc6fc4d7d6797c76faae6a65c26522f191991
SHA512: dda414046a7fb6e3cb3b758f113c9324c3708ec22b6db155b47ddb3ecbf46db2a316f06a2cd638481c7901742f1458aaf0e06df29f3b428e1146fe8bfcda5729
SSDEEP: 12288:pipfKAhCNolQUrYkKQvTJad/Tfb5l8mUSi4va0tsaJpeTkMg8nG3rTw6e2zz:pipf9/YWTJofNl8mPi4vxtt7eTC13Jzz
Static task: static1
Behavioral task: behavioral1
Sample: Quotation.pdf.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.tariqinternational.com
Port: 587
Username: [email protected]
Password: taha@2005
Email To: [email protected]
Targets
Target: Quotation.pdf.exe
Size: 695KB
MD5: 61d343222c270b50fdf882011222e435
SHA1: b57f309cac22c8e79fb9ea43ae92028b5873a66c
SHA256: a1a5145381a87900950867d3e6632aaf89fdedb9c898bf44fd7efbea077ab224
SHA512: 52cba082b0439d17e7e1d47c6ecc12f172b24e29e9125da2911e44c24c23c8051f30e7615e76700d5341359a2ec26a79ec195ee15e0620f8f9463dbacbc9990e
SSDEEP: 12288:PlShCZs+/zSuMtf+I6BLLVcyMgBDYHsaWuTwAq3XA2ZWieEhcdBDX:NSUq9xfGNc5gBcBWuTwAwHWieu+
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence.
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext