General
-
Target
img_RFQ CHEM_REF - Aanbesteding - PROJECT 90016288247_pdf.exe
-
Size
3.1MB
-
Sample
240603-ltyb1abg77
-
MD5
3ad4e0b624ab5e54bb4c9d65aa30ec7e
-
SHA1
2fa62613a8d66c85b29c29e89482b90c91d96f58
-
SHA256
ffdec1b87d247393a922973571b8bfa88219a418230abb916105b170e814950a
-
SHA512
8ba7cea4f4e7b131bb84005e6bf3d00793d1b2e1ce5f308ac0b7150a37b479e6395099bad575a51e55bc471bc768de4e4d21f2239c244746c0562ec1f294a335
-
SSDEEP
49152:g8yJAk206NICMq5pzKRgqVzK+BgFN/GIm0w0env:XBsuZenv
Static task
static1
Behavioral task
behavioral1
Sample
img_RFQ CHEM_REF - Aanbesteding - PROJECT 90016288247_pdf.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
img_RFQ CHEM_REF - Aanbesteding - PROJECT 90016288247_pdf.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.privateemail.com - Port:
587 - Username:
[email protected] - Password:
BTwcMq@2 - Email To:
[email protected]
Extracted
Protocol: smtp- Host:
mail.privateemail.com - Port:
587 - Username:
[email protected] - Password:
BTwcMq@2
Targets
-
-
Target
img_RFQ CHEM_REF - Aanbesteding - PROJECT 90016288247_pdf.exe
-
Size
3.1MB
-
MD5
3ad4e0b624ab5e54bb4c9d65aa30ec7e
-
SHA1
2fa62613a8d66c85b29c29e89482b90c91d96f58
-
SHA256
ffdec1b87d247393a922973571b8bfa88219a418230abb916105b170e814950a
-
SHA512
8ba7cea4f4e7b131bb84005e6bf3d00793d1b2e1ce5f308ac0b7150a37b479e6395099bad575a51e55bc471bc768de4e4d21f2239c244746c0562ec1f294a335
-
SSDEEP
49152:g8yJAk206NICMq5pzKRgqVzK+BgFN/GIm0w0env:XBsuZenv
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-