General

Target: ac5313dbc767e5cd8df1304df0bb2646e7f31984bd6e4d1668f4f77886d8a310
Size: 1.2MB
Sample: 240426-ckbl7shb8t
MD5: 0b37048f55e22780bde72ed8d1af65cb
SHA1: 8cc5ba05e5369439cf7ab0650f37dc4913e09570
SHA256: ac5313dbc767e5cd8df1304df0bb2646e7f31984bd6e4d1668f4f77886d8a310
SHA512: 9a78a52121c2db835568c23c432c9743c71e544e8f2c68a091b155a76b0b9101d61df80ab9c7d4cc76b2767a5a0bb9e504f3ab15d0fecd3133b5880cae8f9c56
SSDEEP: 24576:rWYIPFannnHg2a1X86rx5ZRvr/FujpRrfrQB:5E1Xtx57bFirf
Static task: static1
Behavioral task: behavioral1
  Sample: UOB_OutwardRemittance_Copy_____PDF.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: UOB_OutwardRemittance_Copy_____PDF.exe
  Resource: win10v2004-20240412-en
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: mail.alwayssafepackers.com
Port: 587
Username: info@alwayssafepackers.com
Password: packersafe@123
Email To: euroxnt3@mail.com
Targets

Target: UOB_OutwardRemittance_Copy_____PDF.exe
Size: 731KB
MD5: 5a072d7b9b68b811c0a25a97f243da20
SHA1: 25c4e8c956a0a103b15a0b8738d363df17ad1ecd
SHA256: 5a74ebfda8a42bb7057414bc3f9248d7b199e409fdf87412724774e7c027de6e
SHA512: dbfb38104cef3f589e613ced5324ed6b28b0dbe80d7354ab4e934f9efd420ee313fff09a9da2fb0ef17845e9ef23c1f20bbf70facc864303a5844e66e8822474
SSDEEP: 12288:yWYIPXjxannnHg26Cu1rX86rxiG2hGZRgaWS1y8zLluAf4lp8cagBfrdiBXkR:yWYIPFannnHg2a1X86rx5ZRvr/FujpRp
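The outer submission and the embedded UOB_OutwardRemittance_Copy_____PDF.exe target carry ssdeep hashes at different block sizes (24576 and 12288), and the first chunk of the outer hash is nearly identical to the second chunk of the inner one. The following is an added example, not part of this report or of the sandbox's own code: a Python re-implementation of ssdeep's published fuzzy_compare() scoring (constants as in ssdeep's fuzzy.c: SPAMSUM_LENGTH 64, ROLLING_WINDOW 7, MIN_BLOCKSIZE 3, insert/delete cost 1, substitution cost 2) applied to the two hashes from this page, so the reported container/payload relationship can be checked offline without the ssdeep binary.

```python
# Added example: re-implementation of ssdeep's comparison algorithm (fuzzy.c),
# not the sandbox's code. Constants follow the ssdeep source.
import re

SPAMSUM_LENGTH = 64   # max length of one ssdeep chunk
ROLLING_WINDOW = 7    # two chunks must share a 7-char substring to score at all
MIN_BLOCKSIZE = 3

# ssdeep values as reported on this page for the outer sample and the inner target.
OUTER_SSDEEP = "24576:rWYIPFannnHg2a1X86rx5ZRvr/FujpRrfrQB:5E1Xtx57bFirf"
INNER_SSDEEP = ("12288:yWYIPXjxannnHg26Cu1rX86rxiG2hGZRgaWS1y8zLluAf4lp8cagBfrdiBXkR"
                ":yWYIPFannnHg2a1X86rx5ZRvr/FujpRp")


def eliminate_sequences(s):
    """Collapse runs of more than 3 identical chars to 3; long runs carry little information."""
    return re.sub(r"(.)\1{3,}", r"\1\1\1", s)


def parse(h):
    """Split 'blocksize:chunk1:chunk2[,"filename"]' into (blocksize, chunk1, chunk2)."""
    bs, c1, c2 = h.split(":", 2)
    c2 = c2.split(",", 1)[0]          # ssdeep's output format appends ,"filename"
    return int(bs), eliminate_sequences(c1), eliminate_sequences(c2)


def has_common_substring(s1, s2):
    """ssdeep refuses to score two chunks unless they share a ROLLING_WINDOW-length substring."""
    return any(s1[i:i + ROLLING_WINDOW] in s2
               for i in range(len(s1) - ROLLING_WINDOW + 1))


def edit_distance(s1, s2):
    """Weighted Levenshtein distance as ssdeep uses it: insert/delete 1, substitute 2."""
    prev = list(range(len(s2) + 1))
    for i, a in enumerate(s1, 1):
        cur = [i]
        for j, b in enumerate(s2, 1):
            cur.append(min(prev[j] + 1,                      # delete a
                           cur[j - 1] + 1,                   # insert b
                           prev[j - 1] + (0 if a == b else 2)))  # match / substitute
        prev = cur
    return prev[-1]


def score_strings(s1, s2, block_size):
    """Score two chunks produced at the same block size, 0..100."""
    len1, len2 = len(s1), len(s2)
    if len1 > SPAMSUM_LENGTH or len2 > SPAMSUM_LENGTH:
        return 0
    if not has_common_substring(s1, s2):
        return 0
    score = edit_distance(s1, s2)
    score = score * SPAMSUM_LENGTH // (len1 + len2)   # normalise to chunk length
    score = 100 * score // SPAMSUM_LENGTH             # scale to percent
    if score >= 100:
        return 0
    score = 100 - score
    if block_size >= (99 + ROLLING_WINDOW) * MIN_BLOCKSIZE:
        return score
    # small block sizes: cap the score so short chunks cannot exaggerate a match
    return min(score, block_size // MIN_BLOCKSIZE * min(len1, len2))


def compare(h1, h2):
    """ssdeep fuzzy_compare(): chunks are only comparable at equal or adjacent block sizes."""
    bs1, a1, a2 = parse(h1)
    bs2, b1, b2 = parse(h2)
    if bs1 == bs2:
        if a1 == b1 and a2 == b2:
            return 100
        return max(score_strings(a1, b1, bs1), score_strings(a2, b2, bs1 * 2))
    if bs1 == bs2 * 2:           # h1's first chunk was built at h2's second block size
        return score_strings(a1, b2, bs1)
    if bs2 == bs1 * 2:
        return score_strings(a2, b1, bs2)
    return 0                     # block sizes too far apart to compare


if __name__ == "__main__":
    print("outer vs inner:", compare(OUTER_SSDEEP, INNER_SSDEEP))   # 90
```

The 24576-byte chunk of the outer file and the 24576-byte (second) chunk of the inner file differ only in their first character and a short tail, which is what you expect when a 731KB payload is wrapped in a 1.2MB loader: the larger block size smooths over the extra bytes, so the relationship survives in ssdeep even though every cryptographic hash differs.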
Score: 10/10

AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer, originally written in Visual Basic .NET. This sample exfiltrates over SMTP using the mail account in the extracted config above.

Checks computer location settings
Looks up the country code configured in the registry, most likely as a geofence to avoid running in particular regions.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext
SetThreadContext on another process's thread is the usual way a loader redirects a suspended process into injected code (process hollowing), which is why the call is flagged.