General
-
Target
Requirement Specification.exe
-
Size
3.4MB
-
Sample
240603-lw4xkabh66
-
MD5
86b91372dc46212aa7f5310339a6f7f3
-
SHA1
ddfd08661f0f3a515c3802cf3042b002d1748d53
-
SHA256
564d2275edd8f622be6717d156c627a346f330549ca2f266985e49a4e5e17204
-
SHA512
6f2dfbb44854f6021752691d3c4328cdd6b40695fc923b0c28f8432d8c9d4fa217e75dce067ed86a58f8d8e424593035fb3084bee5a1b6b29fa5b872e1211210
-
SSDEEP
49152:h8yJAk206NICMq5pzKRgqVzKfxgF2/yjmQkk2:2Bsb/kk2
Static task
static1
Behavioral task
behavioral1
Sample
Requirement Specification.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
Requirement Specification.exe
Resource
win10v2004-20240426-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: business29.web-hosting.com
Port: 587
Username: [email protected]
Password: Mas_#()@?"obo"""
Email To: [email protected]
These are the attacker-controlled mailbox credentials the sample uses to exfiltrate stolen data over SMTP submission (port 587); the host and port are the network indicators to block or alert on.
Targets
-
Target
Requirement Specification.exe
-
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, originally written in Visual Basic, that harvests credentials and keystrokes and exfiltrates them (here over SMTP, per the extracted config).
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths and processes (typically via Add-MpPreference) so the dropped payload is not scanned.
-
Adds Run key to start application
Writes a value under the Software\Microsoft\Windows\CurrentVersion\Run key so the payload is relaunched at logon.
-
Looks up external IP address via web service
Queries a legitimate public IP lookup service to learn the infected system's external IP, which Agent Tesla includes in the exfiltrated report; the lookup traffic itself looks benign, so it is only useful as a detection signal in combination with the other behaviours.
-
Suspicious use of SetThreadContext
SetThreadContext is called on a thread belonging to another process, the usual final step of process hollowing: the entry point of an injected payload is written into the suspended child's thread context before it is resumed.
-
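As an added example, not part of the Triage report, the following Python runs detection logic for the behaviours listed above over constructed Sysmon-style events and turns the extracted SMTP config into Suricata rules. The exfil host and port come from the extracted config on this page; the sample events, image paths, the list of IP-lookup domains and the rule SIDs are assumptions made for illustration.

```python
"""
Correlate the behaviours reported for this Agent Tesla sample
(Defender exclusions via PowerShell, Run key persistence, external IP lookup,
SMTP exfil to the configured host) over constructed Sysmon-style events.
Nothing here is real telemetry; the events are constructed for the example.
"""
import re
from collections import defaultdict

# Network indicators taken from the extracted Agent Tesla config in the report.
EXFIL_HOST = "business29.web-hosting.com"
EXFIL_PORT = 587

# Public IP lookup services commonly used by stealers (assumption, not from the report).
IP_LOOKUP_DOMAINS = {"api.ipify.org", "checkip.dyndns.org", "ip-api.com", "ipinfo.io"}

SAMPLE_IMAGE = r"C:\Users\victim\Downloads\Requirement Specification.exe"  # assumed path

# Constructed events as (sysmon_event_id, image, detail).
# Sysmon IDs: 1 = process create, 3 = network connect, 13 = registry value set, 22 = DNS query.
SAMPLE_EVENTS = [
    (1, SAMPLE_IMAGE,
     'powershell.exe Add-MpPreference -ExclusionPath "C:\\Users\\victim\\AppData\\Roaming" '
     '-ExclusionProcess "Requirement Specification.exe" -ExclusionExtension ".exe"'),
    (13, SAMPLE_IMAGE,
     r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001"
     r"\Software\Microsoft\Windows\CurrentVersion\Run\Updater"),
    (22, SAMPLE_IMAGE, "api.ipify.org"),
    (3, SAMPLE_IMAGE, "business29.web-hosting.com:587"),
    # Benign noise that must not be tagged.
    (22, r"C:\Windows\System32\svchost.exe", "www.microsoft.com"),
    (1, r"C:\Windows\explorer.exe", "notepad.exe report.txt"),
]

DEFENDER_EXCLUSION = re.compile(r"Add-MpPreference\s+.*-Exclusion(Path|Process|Extension)", re.I)
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.I)


def classify(event):
    """Return the behaviour tags a single event triggers (may be empty)."""
    event_id, _image, detail = event
    tags = []
    if event_id == 1 and DEFENDER_EXCLUSION.search(detail):
        tags.append("defender_exclusion_via_powershell")
    if event_id == 13 and RUN_KEY.search(detail):
        tags.append("run_key_persistence")
    if event_id == 22 and detail.lower() in IP_LOOKUP_DOMAINS:
        tags.append("external_ip_lookup")
    if event_id == 3:
        host, _, port = detail.rpartition(":")
        if host.lower() == EXFIL_HOST and port.isdigit() and int(port) == EXFIL_PORT:
            tags.append("smtp_exfil_to_known_c2")
    return tags


def triage(events):
    """Group behaviour tags by originating image so they can be correlated."""
    by_image = defaultdict(set)
    for event in events:
        for tag in classify(event):
            by_image[event[1]].add(tag)
    return {image: sorted(tags) for image, tags in by_image.items()}


def verdict(tags):
    """A lone IP lookup or Run key is often benign; exfil to the known host,
    or two or more of these behaviours from one image, is what we alert on."""
    return "smtp_exfil_to_known_c2" in tags or len(tags) >= 2


def suricata_rules(sid_base=1000001):
    """Network signatures derived from the extracted config.
    The DNS rule fires before any connection; the TLS rule catches the SNI once the
    SMTP session is upgraded with STARTTLS on port 587. SIDs are assumed."""
    dns = (f'alert dns $HOME_NET any -> any any (msg:"Agent Tesla SMTP exfil host DNS lookup"; '
           f'dns.query; content:"{EXFIL_HOST}"; nocase; sid:{sid_base}; rev:1;)')
    tls = (f'alert tls $HOME_NET any -> any {EXFIL_PORT} (msg:"Agent Tesla SMTP exfil host TLS SNI"; '
           f'tls.sni; content:"{EXFIL_HOST}"; nocase; sid:{sid_base + 1}; rev:1;)')
    return [dns, tls]


if __name__ == "__main__":
    for image, tags in triage(SAMPLE_EVENTS).items():
        print(f"{'ALERT' if verdict(tags) else 'info '} {image}: {', '.join(tags)}")
    print("\n".join(suricata_rules()))
```

The correlation step is the important part: each of the four behaviours has a benign explanation on its own (admins add Defender exclusions, installers write Run keys, many applications query their public IP), so the alert is raised on the combination from one image or on any contact with the host from the extracted config.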