General
Target: 2a567dd629f2b01ea358db5d801fb787.bin
Size: 605KB
Sample: 240408-bhwc6acb5z
MD5: c8527b63c1b322a6a0c9a55426894e8c
SHA1: e00235c37177fd3a890dfd99db2fb98d82669d6f
SHA256: 269d1a87cb053855b9af6dffa3d20d4ba0cfed056ecaafa043e118e2309a296a
SHA512: ac7089edebf7050db3c67e61f38cc02a43e3ac600caf9bb7cd061355109d40bdf16c2e428d4f336a2722013a0e9b57319b2b178b089edf2315c34e778c4e8640
SSDEEP: 12288:14fWfrMapp4OIhiqwmyw1IvAdfk/NhZYaYkQd2RhQPPLNNdf1H:14clp5AImDgAJk1LYaYkQUSbXj
Static task: static1
Behavioral task: behavioral1
  Sample: PDF Payment Notification fkHWFp2kdYelWk3.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: PDF Payment Notification fkHWFp2kdYelWk3.exe
  Resource: win10v2004-20240226-en
Malware Config
Extracted (agenttesla)
  Protocol: smtp
  Host: us2.smtp.mailhostbox.com
  Port: 587
  Username: [email protected]
  Password: PMOYQrU0
  Email To: [email protected]
Extracted
  Protocol: smtp
  Host: us2.smtp.mailhostbox.com
  Port: 587
  Username: [email protected]
  Password: PMOYQrU0
Targets
Target: PDF Payment Notification fkHWFp2kdYelWk3.exe
Size: 632KB
MD5: f8d36232107047afe262f9b8711bce2d
SHA1: bc48516389629f07d29fa8b7425eca0dfbbc6dec
SHA256: a433dfdb99b293b73898ac05be0fbf6baa9d79976655b0c51ba5a5a0066a2632
SHA512: 5bfab42733edc5a4cf5c790642e5479331f440f420908812fc2e1dc683e100ac5ab530895d049083b4ba8da6e68e99917e9bd8aaa1456a4c49bfea1ea5902c9c
SSDEEP: 12288:DF9lwFa3JY0YPxnyQPgkA/W0L0A4732TH4NrYNHS5sohUHZB:DF9n5UyQPcOcpUGgrb5jmH
Score: 10/10
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext