General
-
Target
STATEMENT OF ACCOUNT.exe
-
Size
865KB
-
Sample
240603-lcpnjabc45
-
MD5
f76b4b71b1686a349e4f3c5770b27449
-
SHA1
1c033d5efb45f05d04ec962edd1d626149a0630c
-
SHA256
d46dd8b1ef453a087501831daa8ceddd875ad06a7f13ad06181f61f92e89d96a
-
SHA512
c82148c639149675da30cb638ce401d4f8cfd84ede59e6ce2e4c93585632be401d19bd18a833b6b8a939aa9fddf97f83799a5de2ff986ecfa0bb8ef98ec5ae1d
-
SSDEEP
24576:AMYeI6ZN5iYnadY8GsO98B08izf1nl0aq:AMYeXN5i2ChGSB0dnlq
Static task
static1
Behavioral task
behavioral1
Sample
STATEMENT OF ACCOUNT.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
STATEMENT OF ACCOUNT.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.springandsummer.lk - Port:
587 - Username:
[email protected] - Password:
anu##323 - Email To:
[email protected]
Targets
-
-
Target
STATEMENT OF ACCOUNT.exe
-
Size
865KB
-
MD5
f76b4b71b1686a349e4f3c5770b27449
-
SHA1
1c033d5efb45f05d04ec962edd1d626149a0630c
-
SHA256
d46dd8b1ef453a087501831daa8ceddd875ad06a7f13ad06181f61f92e89d96a
-
SHA512
c82148c639149675da30cb638ce401d4f8cfd84ede59e6ce2e4c93585632be401d19bd18a833b6b8a939aa9fddf97f83799a5de2ff986ecfa0bb8ef98ec5ae1d
-
SSDEEP
24576:AMYeI6ZN5iYnadY8GsO98B08izf1nl0aq:AMYeXN5i2ChGSB0dnlq
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-