General
Target: JP_Order IMG_PO 00844138 - No. 2400228341_pdf.exe
Size: 3.2MB
Sample: 240612-he9jyatakf
MD5: 1c9ab100099e544b4b60e206211d07db
SHA1: 0ef441f8542a21729c5dae3fe1965ac85efa61ba
SHA256: 266bc45186c33092a506a6d36dce1a2f2f07dbff50d2d09dbd7ebd82b8894398
SHA512: 3ed38ccb71b9054e2091934f671302421ed9d0257ea1360372d90ed4ba42d179b6d83bc360633610ee6ac5c68821310e2eac667d852e91dfd3c0dfb11f26409b
SSDEEP: 49152:iVs5urLO7ffMKkU+efWBH7DSTEfdebYazMxgFzfYIZvC0DI:OrnHeNHlC
Static task: static1
Behavioral task: behavioral1
  Sample: JP_Order IMG_PO 00844138 - No. 2400228341_pdf.exe
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: JP_Order IMG_PO 00844138 - No. 2400228341_pdf.exe
  Resource: win10v2004-20240508-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: [email protected]
Password: @#Qwerty12345
Email To: [email protected]
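To turn the file hashes and the extracted SMTP endpoint into something a responder can run, the following added example (not part of the Triage report) builds a small matcher from those indicators and applies it to constructed file bytes and connection records. The record layout, the `dns_name` field (assumed to be joined in from DNS logs) and all sample values are assumptions for illustration; only the hashes and the host/port come from the report.

```python
"""Match indicators from the report above against constructed events.

Added example for this page, not part of the Triage report. The file hashes
and the SMTP host/port are copied from the report; every event record below
is constructed for illustration.
"""
import hashlib

# File indicators from the General section of the report.
FILE_IOCS = {
    "md5": "1c9ab100099e544b4b60e206211d07db",
    "sha1": "0ef441f8542a21729c5dae3fe1965ac85efa61ba",
    "sha256": "266bc45186c33092a506a6d36dce1a2f2f07dbff50d2d09dbd7ebd82b8894398",
}

# Exfiltration endpoint from the extracted AgentTesla config.
EXFIL_HOST = "mail.privateemail.com"
EXFIL_PORT = 587


def file_hashes(data: bytes) -> dict:
    """Compute the digests the report lists so a suspect file can be compared."""
    return {name: hashlib.new(name, data).hexdigest() for name in FILE_IOCS}


def match_file(data: bytes) -> list:
    """Return the names of the report hashes that the given bytes match."""
    digests = file_hashes(data)
    return [name for name, value in FILE_IOCS.items() if digests[name] == value]


def match_exfil_connections(events: list) -> list:
    """Return the uids of connections to the configured SMTP submission endpoint.

    Each event is a constructed conn record: uid, orig_h, resp_h, resp_p and
    dns_name (the name the client resolved, assumed to be joined in from DNS
    logs beforehand). Matching on the name rather than resp_h avoids misses
    when the provider's address changes.
    """
    return [
        ev["uid"]
        for ev in events
        if ev.get("resp_p") == EXFIL_PORT
        and ev.get("dns_name", "").lower() == EXFIL_HOST
    ]


# Constructed sample records: two hosts talk to the exfil endpoint, one does not.
SAMPLE_EVENTS = [
    {"uid": "CA1", "orig_h": "10.0.0.5", "resp_h": "198.51.100.10", "resp_p": 587, "dns_name": "mail.privateemail.com"},
    {"uid": "CA2", "orig_h": "10.0.0.5", "resp_h": "203.0.113.7", "resp_p": 443, "dns_name": "update.example.com"},
    {"uid": "CA3", "orig_h": "10.0.0.9", "resp_h": "198.51.100.10", "resp_p": 587, "dns_name": "MAIL.privateemail.com"},
]


if __name__ == "__main__":
    print("file matches for an unrelated blob:", match_file(b"not the sample"))
    print("connections to the exfil endpoint:", match_exfil_connections(SAMPLE_EVENTS))
```

One caveat when using the SMTP indicator: mail.privateemail.com is a shared commercial mail host, so a connection to it on port 587 is an indicator for this sample, not evidence of compromise on its own. Correlate it with the submitting process (a non-mail-client binary sending mail) and with the external IP lookup noted under the signatures below before acting on it.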
Targets
Target: JP_Order IMG_PO 00844138 - No. 2400228341_pdf.exe
Score: 10/10
AgentTesla
Agent Tesla is a .NET remote access tool (RAT) and information stealer, originally written in Visual Basic .NET; this sample's extracted configuration exfiltrates over SMTP to the mailbox listed above.
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP. The address is typically included in the exfiltrated report to identify the victim; the lookup itself is benign traffic, so it is a supporting indicator rather than a detection on its own.
Suspicious use of SetThreadContext
Replacing another thread's context is the step that redirects execution into injected code after a process has been started suspended and overwritten (process hollowing). Debuggers and the .NET runtime also call it, so the call should be judged together with the preceding CreateProcess with CREATE_SUSPENDED and WriteProcessMemory calls rather than alone.
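The two behavioural signatures above are most useful when checked as a sequence rather than as single API calls. The following added example (not the sandbox's own detection logic) runs that check over a constructed per-process API trace: it flags a child that was created suspended, written to, re-pointed with SetThreadContext and resumed by the same parent, and separately lists HTTP requests to external-IP services. The trace, the placeholder executable path, and the list of lookup hosts are assumptions; the report names neither the hollowed target nor the lookup service.

```python
"""Detect the behaviours behind the two signatures above over a constructed
per-process API trace.

Added example for this page, not the sandbox's own detection logic. The
trace is made up; CREATE_SUSPENDED is the documented Win32 flag value, and
the list of IP-lookup hosts is an illustrative set of well-known services,
not one taken from the report. Handles are simplified to the pid/tid they
refer to, and the HTTP call is assumed to carry its resolved host.
"""

CREATE_SUSPENDED = 0x00000004

# Well-known external-IP services (illustrative; the report does not name one).
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com", "ifconfig.me"}

# The calls that, together with a suspended child, make up process hollowing.
# NtUnmapViewOfSection is deliberately not required: some variants skip it.
HOLLOWING_STEPS = ("WriteProcessMemory", "SetThreadContext", "ResumeThread")

# Constructed trace: (caller pid, api, args) in call order. pid 1000 hollows a
# child it started suspended; pid 1200 calls SetThreadContext legitimately.
TRACE = [
    (1000, "CreateProcessW", {"lpApplicationName": r"C:\child.exe",  # placeholder path
                              "dwCreationFlags": CREATE_SUSPENDED,
                              "dwProcessId": 2044, "dwThreadId": 2048}),
    (1000, "NtUnmapViewOfSection", {"hProcess": 2044}),
    (1000, "VirtualAllocEx", {"hProcess": 2044, "flProtect": 0x40}),
    (1000, "WriteProcessMemory", {"hProcess": 2044, "nSize": 0x1A000}),
    (1000, "SetThreadContext", {"hThread": 2048}),
    (1000, "ResumeThread", {"hThread": 2048}),
    (1000, "HttpSendRequestW", {"host": "api.ipify.org"}),
    (1200, "GetThreadContext", {"hThread": 1204}),
    (1200, "SetThreadContext", {"hThread": 1204}),
]


def detect_hollowing(trace):
    """Return one finding per child that its parent created suspended, wrote to,
    re-pointed with SetThreadContext and resumed. SetThreadContext alone is not
    flagged: debuggers and the CLR use it legitimately (see pid 1200)."""
    suspended = {}        # child pid -> {"parent": pid, "seen": [steps]}
    thread_to_child = {}  # primary thread id -> child pid
    findings = []
    for pid, api, args in trace:
        if api == "CreateProcessW" and args.get("dwCreationFlags", 0) & CREATE_SUSPENDED:
            child = args["dwProcessId"]
            suspended[child] = {"parent": pid, "seen": []}
            thread_to_child[args["dwThreadId"]] = child
            continue
        # Resolve the call to the child it targets, via process or thread handle.
        target = args.get("hProcess", thread_to_child.get(args.get("hThread")))
        state = suspended.get(target)
        if state is None or state["parent"] != pid or api not in HOLLOWING_STEPS:
            continue
        if api not in state["seen"]:
            state["seen"].append(api)
        if api == "ResumeThread" and all(step in state["seen"] for step in HOLLOWING_STEPS):
            findings.append({"parent": pid, "child": target, "chain": list(state["seen"])})
            del suspended[target]  # report each hollowed child once
    return findings


def detect_ip_lookups(trace):
    """Return (pid, host) for HTTP requests to external-IP services. Weak on its
    own; in this family it is the victim-fingerprinting step before exfiltration."""
    http_apis = {"HttpSendRequestW", "WinHttpSendRequest", "InternetOpenUrlW"}
    return [(pid, args["host"]) for pid, api, args in trace
            if api in http_apis and args.get("host", "").lower() in IP_LOOKUP_HOSTS]


if __name__ == "__main__":
    for finding in detect_hollowing(TRACE):
        print("hollowing:", finding)
    for pid, host in detect_ip_lookups(TRACE):
        print("external IP lookup:", pid, host)
```

Requiring the full chain is what keeps this usable: a hook on SetThreadContext alone fires on every debugger attach and on normal .NET exception handling, while the combination of a suspended child, a cross-process write and a context change followed by ResumeThread from the same parent is rarely legitimate. Joining the IP-lookup request to the same pid, as the trace above allows, gives the analyst the fingerprinting step that precedes the SMTP exfiltration shown in the extracted config.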