General
Target: 8967ba06a9ea11aa7b7323e7e830ce0d11202e64b4724f3589510400b3dcd36d
Size: 1.3MB
Sample: 240425-bsl78sch7v
MD5: 92c6ada9749cb0960e77dcc87b89c134
SHA1: eb00fc0f7e11615dfb5ef3b59873a0b108f5b29f
SHA256: 8967ba06a9ea11aa7b7323e7e830ce0d11202e64b4724f3589510400b3dcd36d
SHA512: c2e9b0bc0894c4af4534e6b3f31375a36a1ac1997fbc67bc7a05625ed134998851959c4ac8059a930b521890a84a0e711df7cdb7e5c59dc5eff8107322542e3d
SSDEEP: 12288:0hF2iNG8txwymWPYGk1N7HllNsVuLBPbU6gXVDpKq1ZzI1IgzbR6lv312Z3tGk:CF1ByymWPC1VL6VuL2JVDIuuR6J312Z
Static task: static1
Behavioral task: behavioral1
  Sample: Unicredit_OutwardRemittance_copy__PDF.scr
  Resource: win7-20240215-en
Behavioral task: behavioral2
  Sample: Unicredit_OutwardRemittance_copy__PDF.scr
  Resource: win10v2004-20240412-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: mail.alfainterplast.com.ua
  Port: 587
  Username: [email protected]
  Password: pay2024password$$
  Email To: [email protected]
Targets
Target: Unicredit_OutwardRemittance_copy__PDF.scr
Size: 784KB
MD5: 9810741e60031ea0438f997539d4bb95
SHA1: a4bd51175629f2ae92917133ff1f92d0ff02df6d
SHA256: 7ed15e981155508352b3b0a00914c2809b28e80fb6ebab81020fdac6ceff05c9
SHA512: 15a2aafb1e076267310a79459916ed037797264961faef0dda5e30cc575dba43f14a592c90ab436ab173976fb9c91901e9c9bdfc574bddab26f825d70585d368
SSDEEP: 12288:ShF2iNG8txwymWPYGk1N7HllNsVuLBPbU6gXVDpKq1ZzI1IgzbR6lv312Z3tGkR:MF1ByymWPC1VL6VuL2JVDIuuR6J312ZH
Score: 10/10
Signatures:
  AgentTesla
    Agent Tesla is a remote access tool (RAT) written in Visual Basic.
  Looks up external IP address via web service
    Uses a legitimate IP lookup service to find the infected system's external IP.
  Suspicious use of SetThreadContext