General
Target
AccountConfirmation......pdf.exe.bin
Size
697KB
Sample
240518-gvy8gafb25
MD5
9f4102e5fceb9bd887e7a9ed955e13cb
SHA1
d22341c77383ff02ac35b8263a427901eed845ab
SHA256
a6b131e76e6f1ebeb8c3aa7bc8ce1aebbe1882fac9bfac66c5509b279f77da8c
SHA512
1cbd89c286532c6ce474d91adb39de6d63755d213960980534c79ed5091fdf1043576b3bc734eafa4264c66563f85b132f0600766f3fe8b80bce3023a9d63ed0
SSDEEP
12288:cdrLbDZaNRpPPwPqhJ3vyuUSp3z0BhN0L0tEsKW57YMFKz:yLDZMRpPPga3aG1eGpLzPz
Static task
static1
Behavioral task
behavioral1
Sample
AccountConfirmation......pdf.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
AccountConfirmation......pdf.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
Family
agenttesla
Protocol
smtp
Host
smtp.claresbout.com
Port
587
Username
[email protected]
Password
^ZQXhEV0
Email To
[email protected]
Targets
Target
AccountConfirmation......pdf.exe.bin
Score
10/10
AgentTesla
Agent Tesla is a .NET-based information stealer and remote access tool (RAT) that harvests credentials, keystrokes and clipboard data and exfiltrates them over SMTP, FTP, HTTP or Telegram. This sample uses SMTP with the credentials shown in the extracted config.
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext
Calling SetThreadContext on a thread of another (typically suspended) process is a common way to redirect execution into injected code, as in process hollowing.
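The extracted SMTP config and the "looks up external IP address" signature together give a detectable network pattern: a workstation that resolves a public IP-check service and then opens outbound SMTP to smtp.claresbout.com:587. The following is an added example of that detection logic, not code from the report or from Tria.ge. It runs over constructed Zeek-style dns.log and conn.log lines embedded in the script; the list of IP-lookup services and the set of legitimate mail relays are assumptions, since the report names neither.

```python
"""Network triage for the AgentTesla SMTP exfil config on this page (added example)."""
from __future__ import annotations

import csv
from dataclasses import dataclass
from io import StringIO

# Indicators taken directly from the report's extracted config.
EXFIL_SMTP_HOST = "smtp.claresbout.com"
EXFIL_SMTP_PORT = 587
SMTP_PORTS = {"25", "465", "587"}

# Assumption: typical public IP-check services; the report only says "a legitimate IP lookup service".
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com", "ipinfo.io"}

# Assumption: the organisation's sanctioned mail relays, the only hosts expected to speak SMTP outbound.
MAIL_RELAYS = {"10.0.0.25"}

# Header-less Zeek-style TSV field layouts used by the constructed logs below.
DNS_FIELDS = ("ts", "uid", "src_ip", "query", "answer")
CONN_FIELDS = ("ts", "uid", "src_ip", "src_port", "dst_ip", "dst_port", "proto", "service")

# Constructed sample logs (not real traffic): one workstation shows the AgentTesla pattern,
# one mail relay sends legitimate SMTP, and one TLS connection is unrelated.
DNS_LOG = """\
1716030000.5\tD1\t10.0.1.15\tapi.ipify.org\t203.0.113.4
1716030000.9\tD2\t10.0.1.15\tsmtp.claresbout.com\t198.51.100.7
1716030001.0\tD3\t10.0.0.25\tmail.example.com\t198.51.100.9
"""
CONN_LOG = """\
1716030001.1\tC1\t10.0.1.15\t49712\t198.51.100.7\t587\ttcp\tsmtp
1716030002.2\tC2\t10.0.0.25\t52000\t198.51.100.9\t587\ttcp\tsmtp
1716030003.3\tC3\t10.0.1.15\t49713\t203.0.113.4\t443\ttcp\tssl
"""


@dataclass(frozen=True)
class Alert:
    severity: str  # "high" for the exfil host itself, "medium" for supporting behaviour
    src_ip: str
    reason: str


def _rows(tsv: str, fields: tuple[str, ...]) -> list[dict[str, str]]:
    """Parse header-less tab-separated log lines into dicts keyed by the given field names."""
    return [dict(zip(fields, row)) for row in csv.reader(StringIO(tsv), delimiter="\t") if row]


def resolved_names(dns_log: str) -> dict[tuple[str, str], str]:
    """Map (client_ip, answer_ip) -> queried name so a conn.log destination can be tied to a hostname."""
    return {(r["src_ip"], r["answer"]): r["query"].lower() for r in _rows(dns_log, DNS_FIELDS)}


def detect(conn_log: str, dns_log: str) -> list[Alert]:
    """Flag DNS lookups of the exfil host or IP-check services, and outbound SMTP from non-relay hosts."""
    alerts: list[Alert] = []
    for r in _rows(dns_log, DNS_FIELDS):
        q = r["query"].lower()
        if q == EXFIL_SMTP_HOST:
            alerts.append(Alert("high", r["src_ip"], f"DNS lookup of AgentTesla exfil host {q}"))
        elif q in IP_LOOKUP_HOSTS:
            alerts.append(Alert("medium", r["src_ip"], f"external IP lookup via {q}"))

    names = resolved_names(dns_log)
    for r in _rows(conn_log, CONN_FIELDS):
        if r["service"] != "smtp" and r["dst_port"] not in SMTP_PORTS:
            continue
        if r["src_ip"] in MAIL_RELAYS:
            continue  # sanctioned relay; outbound SMTP is its job
        dst_name = names.get((r["src_ip"], r["dst_ip"]), r["dst_ip"])
        if dst_name == EXFIL_SMTP_HOST and r["dst_port"] == str(EXFIL_SMTP_PORT):
            alerts.append(Alert("high", r["src_ip"], f"SMTP to AgentTesla exfil host {dst_name}:{r['dst_port']}"))
        else:
            alerts.append(Alert("medium", r["src_ip"], f"outbound SMTP from non-relay host to {dst_name}:{r['dst_port']}"))
    return alerts


def chained_hosts(alerts: list[Alert]) -> set[str]:
    """Hosts showing both supporting behaviour (IP lookup / odd SMTP) and contact with the exfil host."""
    by_host: dict[str, set[str]] = {}
    for a in alerts:
        by_host.setdefault(a.src_ip, set()).add(a.severity)
    return {h for h, sev in by_host.items() if {"high", "medium"} <= sev}


if __name__ == "__main__":
    found = detect(CONN_LOG, DNS_LOG)
    for a in found:
        print(f"[{a.severity}] {a.src_ip}: {a.reason}")
    print("hosts matching the full AgentTesla chain:", sorted(chained_hosts(found)))
```

The DNS-to-connection join is what lets a plain conn.log hit on port 587 be upgraded to a named indicator; without it, a destination IP alone would be a weak match, since the exfil host can be re-pointed at will while the hostname in the config stays fixed until the sample is rebuilt.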