General
- Target: PO76389.exe
- Size: 851KB
- Sample: 240603-lvhb6sbg95
- MD5: b78a41cfedbd72be9cda0c2e8b456b9b
- SHA1: 842a457a15cd9b35c930e86aa3adca801231c0c9
- SHA256: b43813d1e597a0633fc8693d5921688a8b189cfdc6c74fda22e42c2aefa3270c
- SHA512: 2511b4647e030b02b3441fdf17259fa49547dead3c3b19d4a8bd04b1825d5bbe464d00cee273bd35f06a14bb66c135453e8d381bdf2b8c0fc2d5e5ba5edaecee
- SSDEEP: 12288:PMYeaky/Qa0KP1x+kPwu9JaGYd89Lt/rFfaolj2YqEvlw7KZNy6XXSJFY/SYwkiN:PMYej0N5iYKR6XXSvY/STixHu9Iif
Static task
- static1
Behavioral task
- behavioral1
  Sample: PO76389.exe
  Resource: win7-20240221-en
Behavioral task
- behavioral2
  Sample: PO76389.exe
  Resource: win10v2004-20240226-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.psgrasa.ir
- Port: 587
- Username: [email protected]
- Password: mahsa730101
- Email To: [email protected]
Extracted
- Protocol: smtp
- Host: mail.psgrasa.ir
- Port: 587
- Username: [email protected]
- Password: mahsa730101
Targets
- Target: PO76389.exe
- Size: 851KB
- MD5: b78a41cfedbd72be9cda0c2e8b456b9b
- SHA1: 842a457a15cd9b35c930e86aa3adca801231c0c9
- SHA256: b43813d1e597a0633fc8693d5921688a8b189cfdc6c74fda22e42c2aefa3270c
- SHA512: 2511b4647e030b02b3441fdf17259fa49547dead3c3b19d4a8bd04b1825d5bbe464d00cee273bd35f06a14bb66c135453e8d381bdf2b8c0fc2d5e5ba5edaecee
- SSDEEP: 12288:PMYeaky/Qa0KP1x+kPwu9JaGYd89Lt/rFfaolj2YqEvlw7KZNy6XXSJFY/SYwkiN:PMYej0N5iYKR6XXSvY/STixHu9Iif
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext