General
Target: Remittance_Advice 26042024.rar
Size: 767KB
Sample: 240426-j6qftace3y
MD5: 6e6c90594ca05dddeb1398f2c1fd1226
SHA1: e0d95d889f2d4e5ba2349e98755024eb2a6f91f3
SHA256: 7505bdf96dd102139d059cd1e0ccf938dd4e4ec1626b14d4ccbb6cf0cf09c669
SHA512: 8f023ec8c222637b243159ab857e742d3e49e0f635a3166cbd9de9e482747766b13c9e24f8853f564655cf072f1a95947ab639e6698273576d88cb67c0746084
SSDEEP: 12288:kD7Vte+LMx+7MMCdIn8xynpsXYTYSDQ2/HKTm/9ZJhd4W3py4+77nO/koS+jqmXx:kDbe+LMxoMhZxeoV6J/qW3J15y4+7qGI
Static task: static1
Behavioral task: behavioral1
Sample: Remittance_Advice 26042024.exe
Resource: win7-20240220-en
Behavioral task: behavioral2
Sample: Remittance_Advice 26042024.exe
Resource: win10v2004-20240412-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.innomedjsc.com
Port: 587
Username: [email protected]
Password: s]~5ai)IFpr-
Email To: [email protected]
Extracted
Protocol: smtp
Host: mail.innomedjsc.com
Port: 587
Username: [email protected]
Password: s]~5ai)IFpr-
Targets
Target: Remittance_Advice 26042024.exe
Size: 837KB
MD5: f78fac7fbb75ddcc67dd7cb5b6b6ea97
SHA1: a9b9c8f3121cb128882d3e59b7ba2b045ce0792f
SHA256: cd3e530bfaf604d4e59e78d8d8761ab63f0d3d57beff38c1f4802993226af6bb
SHA512: ec39ce438175b8e431f28ec559f707fd631c66f7e9c4160e28639e12930be14163439b2f03b834433cf1cebcad0e87fa93028ce70148103bff09ee664970341c
SSDEEP: 12288:9bqnHvjNIrpf9rN/mc/CbTrMSrJjxddkDEb8LjkyUtGWpGwvNqKdzPjzow4bkR:9uPjKr5BNDKvBn0kySRpGwoKFzow7
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Suspicious use of SetThreadContext