General

Target: 772383635302_1216212830_8096.IMG
Size: 922KB
Sample: 240424-rxte4sbf81
MD5: ef6d3bcbe416578e93d80338100186e1
SHA1: 99680a1c62981ae1b5ff8f875c580662df35c3bc
SHA256: 777aecdc55f325758042f06acbe70d66728c2aeaf3756d63eb7e0cbbac771f94
SHA512: 573a34403e07b34853a5d1db02d93dbf6d81cc832c9dc764ed2c96b9208933ee414254cde52c4de1f7bae7aa4e42529650530d287b85f7b1e68dc93805185f5e
SSDEEP: 12288:q2BuuzNcMZtFxyBv1kqx8WU8Ox5iFgN3NsChO1AS7:q2BNcYtFxyBJU8I5iFgN9sCkD7

Static task: static1
Behavioral task: behavioral1
  Sample: Pre-arrival Notification.pdf.scr
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: Pre-arrival Notification.pdf.scr
  Resource: win10v2004-20240412-en
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: gator3220.hostgator.com
Port: 587
Username: [email protected]
Password: 28#75@ts76#V1F8h
Email To: [email protected]
Targets

Target: Pre-arrival Notification.pdf.scr
Size: 866KB
MD5: f0a78c76a0a3868087059f4f0705a9ae
SHA1: 1713acbb59b349c547ef73d93f39eca35610411d
SHA256: bee0f2e0f50d146b489b36f71cbcbb4ee752d92f323aefa1e2a79a30afe96d2b
SHA512: f2b739ee8bdffa143d1e5cb4e241907939f7abf0ac798c36a0d8c2b3b8508976940224734ec63cd7187416ff47e9e0973528be76536b9a7afec3438f8a8b571a
SSDEEP: 12288:/2BuuzNcMZtFxyBv1kqx8WU8Ox5iFgN3NsChO1AS7:/2BNcYtFxyBJU8I5iFgN9sCkD7
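The SSDEEP digest of the .IMG container (under General above) and the digest of the .scr it carries share the same block size and differ by a single character in each chunk, which is consistent with the disk image being little more than a wrapper around the executable. The script below is an added example; it is not code from the report and not the ssdeep library. It reimplements the comparison scoring from ssdeep's fuzzy.c (run capping, the 7-character common-substring gate, a weighted edit distance scaled to 0-100 and the small-block-size clamp) so the two digests on this page can be scored offline without the ssdeep module; treat the result as a close approximation of what the ssdeep tool reports. The two digest strings and the published constants are the only inputs.

```python
"""Compare two ssdeep (CTPH) digests without the ssdeep library.

Added example, not part of the sandbox report. Reimplements the scoring from
ssdeep's fuzzy.c; treat the result as an approximation of the real tool.
"""

SPAMSUM_LENGTH = 64   # maximum length of a digest chunk
ROLLING_WINDOW = 7    # chunks must share a substring this long to score at all
MIN_BLOCKSIZE = 3
MAX_RUN = 3           # runs of one character longer than this are capped

# Digests copied from the report: the .IMG container and the .scr inside it.
IMG_SSDEEP = "12288:q2BuuzNcMZtFxyBv1kqx8WU8Ox5iFgN3NsChO1AS7:q2BNcYtFxyBJU8I5iFgN9sCkD7"
SCR_SSDEEP = "12288:/2BuuzNcMZtFxyBv1kqx8WU8Ox5iFgN3NsChO1AS7:/2BNcYtFxyBJU8I5iFgN9sCkD7"


def parse_ssdeep(digest):
    """Split 'blocksize:chunk1:chunk2' into (int, str, str); a trailing ',"file"' is dropped."""
    parts = digest.split(",", 1)[0].split(":")
    if len(parts) != 3 or not parts[0].isdigit():
        raise ValueError("malformed ssdeep digest: %r" % digest)
    return int(parts[0]), parts[1], parts[2]


def eliminate_sequences(s):
    """Cap runs of identical characters at MAX_RUN; long runs carry little information."""
    out = []
    for ch in s:
        if len(out) >= MAX_RUN and all(c == ch for c in out[-MAX_RUN:]):
            continue
        out.append(ch)
    return "".join(out)


def has_common_substring(s1, s2):
    """ssdeep refuses to score two chunks that share no ROLLING_WINDOW-length substring."""
    windows = {s1[i:i + ROLLING_WINDOW] for i in range(len(s1) - ROLLING_WINDOW + 1)}
    return any(s2[i:i + ROLLING_WINDOW] in windows for i in range(len(s2) - ROLLING_WINDOW + 1))


def edit_distance(s1, s2):
    """Levenshtein distance with insert/delete cost 1 and substitution cost 2."""
    prev = list(range(len(s2) + 1))
    for i, c1 in enumerate(s1, 1):
        cur = [i]
        for j, c2 in enumerate(s2, 1):
            cur.append(min(prev[j] + 1,                            # delete c1
                           cur[j - 1] + 1,                         # insert c2
                           prev[j - 1] + (0 if c1 == c2 else 2)))  # substitute
        prev = cur
    return prev[-1]


def score_chunks(s1, s2, block_size):
    """Score two chunks computed at the same block size on a 0-100 scale."""
    if not has_common_substring(s1, s2):
        return 0
    score = edit_distance(s1, s2)
    score = score * SPAMSUM_LENGTH // (len(s1) + len(s2))   # scale by combined length
    score = 100 * score // SPAMSUM_LENGTH                    # rescale to 0-100
    if score >= 100:
        return 0
    score = 100 - score
    # A small block size is not allowed to exaggerate how much matched.
    if block_size >= (99 + ROLLING_WINDOW) // ROLLING_WINDOW * MIN_BLOCKSIZE:
        return score
    return min(score, block_size // MIN_BLOCKSIZE * min(len(s1), len(s2)))


def ssdeep_compare(d1, d2):
    """Return a 0-100 similarity score between two digests (0 = incomparable)."""
    bs1, a1, a2 = parse_ssdeep(d1)
    bs2, b1, b2 = parse_ssdeep(d2)
    a1, a2, b1, b2 = map(eliminate_sequences, (a1, a2, b1, b2))
    if bs1 == bs2 and a1 == b1 and a2 == b2:
        return 100
    # Each digest carries a chunk at its block size and one at twice that size;
    # only chunks computed at the same block size are comparable.
    if bs1 == bs2:
        return max(score_chunks(a1, b1, bs1), score_chunks(a2, b2, bs1 * 2))
    if bs1 == bs2 * 2:
        return score_chunks(a1, b2, bs1)
    if bs2 == bs1 * 2:
        return score_chunks(a2, b1, bs2)
    return 0


if __name__ == "__main__":
    print("IMG vs SCR:", ssdeep_compare(IMG_SSDEEP, SCR_SSDEEP))  # 99
```

The score is computed from the digest strings alone; producing a digest for a new file still needs the ssdeep tool and is not covered here. A digest whose block size is neither equal to nor double the other's scores 0 regardless of content, which is why a container several times larger than its payload can be incomparable even when the payload is byte-identical.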
Score: 10/10

AgentTesla
Agent Tesla is a remote access tool (RAT) and information stealer written in Visual Basic .NET; the extracted config above shows this build exfiltrating over SMTP.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP address.

Suspicious use of SetThreadContext
SetThreadContext on a thread that belongs to another process changes where that thread resumes executing, which is the step that redirects control in process hollowing and thread-hijacking injection.
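The signatures above are stated as conclusions; the report does not publish the API call sequence that triggered them. The script below is an added example, not the sandbox's signature engine and not code from the report: it runs the kind of check that sits behind each signature over a constructed API/network trace. The pids, the child image path and the event ordering are invented for the example, the SMTP host and port come from the extracted config, and the list of IP-echo services is my own assumption. The SetThreadContext check ignores a process setting the context of its own threads (a legitimate operation) and reports every cross-process call, annotating whether the target was a child the caller created suspended and whether the caller wrote into it first, which together make up the process-hollowing pattern.

```python
"""Checks behind the report's behavioural signatures, run over a constructed trace.

Added example: not the sandbox's signature engine and not code from the report.
The trace lines are made up; nothing here is an observation about this sample.
"""
import re
from collections import defaultdict

# Taken from the report's extracted AgentTesla config.
C2_SMTP_HOST = "gator3220.hostgator.com"
C2_SMTP_PORT = "587"

# Public IP-echo services. Assumed list: the report does not name the one used.
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com", "ifconfig.me", "ip-api.com"}
HTTP_APIS = {"HttpSendRequestA", "HttpSendRequestW", "InternetOpenUrlA", "InternetOpenUrlW"}

CREATE_SUSPENDED = 0x4   # dwCreationFlags bit for CreateProcess

# Constructed trace, one event per line: <pid> <api> key=value ...
# pids, the child image path and the ordering are invented for the example.
SAMPLE_TRACE = """\
1804 CreateProcessW image="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe" flags=0x4 child_pid=2420
1804 WriteProcessMemory target_pid=2420 address=0x400000 size=884736
1804 SetThreadContext target_pid=2420 tid=2424
1804 ResumeThread target_pid=2420 tid=2424
2420 HttpSendRequestW host=api.ipify.org path=/ method=GET
2420 connect host=gator3220.hostgator.com port=587 proto=tcp
2420 SetThreadContext target_pid=2420 tid=2436
"""

EVENT_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<api>\w+)\s*(?P<args>.*)$")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_trace(text):
    """Turn trace lines into dicts: {'pid': int, 'api': str, <arg>: str, ...}."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue
        ev = {"pid": int(m.group("pid")), "api": m.group("api")}
        for key, val in KV_RE.findall(m.group("args")):
            ev[key] = val.strip('"')
        events.append(ev)
    return events


def detect_thread_context_injection(events):
    """Flag SetThreadContext aimed at a thread in another process.
    A process may legitimately set the context of its own threads; those calls are ignored."""
    suspended_children = defaultdict(set)   # creator pid -> children created with CREATE_SUSPENDED
    written = set()                          # (writer pid, target pid) seen in WriteProcessMemory
    hits = []
    for ev in events:
        pid, api = ev["pid"], ev["api"]
        if api == "CreateProcessW" and int(ev.get("flags", "0"), 16) & CREATE_SUSPENDED:
            suspended_children[pid].add(int(ev["child_pid"]))
        elif api == "WriteProcessMemory":
            written.add((pid, int(ev["target_pid"])))
        elif api == "SetThreadContext":
            target = int(ev["target_pid"])
            if target == pid:
                continue
            hits.append({
                "signature": "Suspicious use of SetThreadContext",
                "parent": pid,
                "child": target,
                "created_suspended": target in suspended_children[pid],
                "memory_written_first": (pid, target) in written,
            })
    return hits


def detect_ip_lookup(events):
    """Flag an HTTP request to a known IP-echo service."""
    return [
        {"signature": "Looks up external IP address via web service", "pid": ev["pid"], "host": ev["host"]}
        for ev in events
        if ev["api"] in HTTP_APIS and ev.get("host", "").lower() in IP_LOOKUP_HOSTS
    ]


def detect_c2_smtp(events):
    """Flag an outbound connection to the SMTP server named in the extracted config."""
    return [
        {"signature": "Connects to the SMTP host from the extracted config",
         "pid": ev["pid"], "host": ev["host"], "port": ev["port"]}
        for ev in events
        if ev["api"] == "connect"
        and ev.get("host", "").lower() == C2_SMTP_HOST
        and ev.get("port") == C2_SMTP_PORT
    ]


def run_all(text):
    events = parse_trace(text)
    return detect_thread_context_injection(events) + detect_ip_lookup(events) + detect_c2_smtp(events)


if __name__ == "__main__":
    for hit in run_all(SAMPLE_TRACE):
        print(hit)
```

The annotations matter more than the bare hit: a cross-process SetThreadContext into a child created suspended and already written to is hollowing; the same call into a process the caller did not create is closer to thread hijacking; and a call into the caller's own thread is noise that a rule keyed on the API name alone would report.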