General
- Target: 7a536696089775b3202833565508bf3b.bin
- Size: 256KB
- Sample: 240426-brrfkagh2v
- MD5: cd27e7b1f7c4cc114180dc2a1e0a11fa
- SHA1: 3553b173e66f7b77441cd25bcae83090b4ff58d1
- SHA256: 626711816f27f8086c61e21a0ef5909fdf0966c75588e6a63690bf9bfe66b718
- SHA512: 46df9a446e7fc882d0d6bb071f9250ff52e808816f341de2a895d35f5ad06538336dbc3c575ea6cba29f72fa08db00c0e8fc5ec073e85f3ba52f816932f021eb
- SSDEEP: 6144:mu9fhGOWTKyB2Xfe6P+vgipFNXDsS3E/yiFMhI3l0DQ8ns:PGp2P0vgibNTj3yFL3lgQ8s
Static task
- static1
Behavioral task
- behavioral1
  - Sample: purchase order pdf.exe
  - Resource: win7-20231129-en
Behavioral task
- behavioral2
  - Sample: purchase order pdf.exe
  - Resource: win10v2004-20240226-en
Malware Config
Extracted
- Family: agenttesla
- Protocol: smtp
- Host: mail.iaa-airferight.com
- Port: 587
- Username: [email protected]
- Password: webmaster
- Email To: [email protected]
Targets
- Target: purchase order pdf.exe
- Size: 356KB
- MD5: be60ea5cc4efb226b78a6a257ff112fd
- SHA1: 1bc68e94bf651242cd3ca51c34f9113992d4f9a7
- SHA256: d7531e4728438f15714cd44a6ed353d5117b4a3b6db1ece8b945ca8eb0b1408d
- SHA512: dcb28bde9d6d4726d59c3b62915992c26bbb1cd2f85a89895f8a2ada3ba11c79d0e4dcda4ebac14c257db09ccd0db05959af2db2e2032f622ed6cac8d724400f
- SSDEEP: 6144:CI8dwrN+sNKki7FYkxcpVotE2586h8YQbWTODuQckHooppgNoo9ELQbkm8UbL0:GUFtOq3Ct186eKwrc+np+Nos9km8U
Score: 10/10
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext