General
Target: April 2024 order Pdf.exe
Size: 764KB
Sample: 240416-pllj1sac37
MD5: 1a75fb2dda3e1cb61bfafee3d684d83b
SHA1: 767823688a9146bb9c520be22719df8289f66495
SHA256: 15e6d2f42a3ca802155a78e54cf8d3fb9df7746290fd4acc544472b1800bba00
SHA512: 639dae8f04c3ab201d710e250fc8040252789f2f2f653ed35dc68ccd6d549d50c474bac7f919b3227bfee187d94d78e009aafb8d601808a2058a3da0ab4320b1
SSDEEP: 12288:8lyUNb//rs74XjQgWMAQL1IvFiYANqrGi+7FmofGeaO1ba63mP:9O/1jQTMAY1AQYAN6Gi+7FmIGel1+hP
Static task: static1
Behavioral task: behavioral1
- Sample: April 2024 order Pdf.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: April 2024 order Pdf.exe
- Resource: win10v2004-20240412-en
Malware Config
Extracted
agenttesla
- Protocol: smtp
- Host: us2.smtp.mailhostbox.com
- Port: 587
- Username: [email protected]
- Password: Sl!KOtF7
- Email To: [email protected]
Extracted
- Protocol: smtp
- Host: us2.smtp.mailhostbox.com
- Port: 587
- Username: [email protected]
- Password: Sl!KOtF7
Targets
Target: April 2024 order Pdf.exe
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Adds Run key to start application
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext