General
-
Target
PURCHASE ORDER.pdf_____________________________________________________________________.exe
-
Size
771KB
-
Sample
240612-rxelyssckj
-
MD5
3adf7ea1dce08cca2dbaef89283a78c2
-
SHA1
9eb9e00dac6cf838067a4adb6572ed2540ef5647
-
SHA256
eff9d3d2ef7056b17de810f0a56e975ddd113b209019fc952d7a34cd58833862
-
SHA512
0a0164ad0b9d12660a9f1c58f07b6bf66dbd9e481c663f994a4b0eaeac216f21534ff4504d25618e7448538195086d89e960e47f726c200a07206b8ed208c457
-
SSDEEP
12288:7k3JVD0zzIa0nqErBg4wFt0jod3ZCTCNgiYC/72BmKBQACR5leZlN7JkR:YP1a0qcBgWKqhiYCCTQA+erJU
Static task
static1
Behavioral task
behavioral1
Sample
PURCHASE ORDER.pdf_____________________________________________________________________.exe
Resource
win7-20231129-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.genitechpower.com
Port: 587
Username: [email protected]
Password: +wc#g7Rn%{do
Email To: [email protected]
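The extracted config gives the exfiltration channel directly: the stealer authenticates to mail.genitechpower.com on TCP 587 and mails stolen data to an attacker-controlled inbox. The following detector is an added example, not part of the sandbox output: it runs over constructed records shaped like Sysmon Event ID 3 (network connection) fields and flags SMTP egress from processes that are not mail clients, matching the report's host as a known indicator. The mail-client allowlist and the sample events are assumptions for illustration.

```python
"""Flag SMTP egress from processes that are not mail clients.

Added example for this report; it is not part of the sandbox output.
The log records below are constructed to resemble the fields of Sysmon
Event ID 3 (network connection). The mail host and port come from the
AgentTesla config extracted above; the process allowlist and the
constructed events are assumptions for illustration.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Exfiltration endpoint taken from the report's extracted config.
KNOWN_EXFIL_HOSTS = {"mail.genitechpower.com"}
SMTP_PORTS = {25, 465, 587}

# Processes expected to speak SMTP directly from a workstation.
# Assumption: tune to the mail clients actually deployed.
MAIL_CLIENT_ALLOWLIST = {"outlook.exe", "thunderbird.exe"}

# Lure file name from this report (double extension padded with underscores).
TARGET = "PURCHASE ORDER.pdf_____________________________________________________________________.exe"


@dataclass(frozen=True)
class NetConn:
    image: str      # full path of the process that opened the socket
    dst_host: str   # DestinationHostname; empty when reverse lookup failed
    dst_ip: str
    dst_port: int


def parse_sysmon_line(line: str) -> NetConn:
    """Parse one 'Key=Value|Key=Value' record (constructed format)."""
    fields = dict(kv.split("=", 1) for kv in line.strip().split("|"))
    return NetConn(
        image=fields["Image"],
        dst_host=fields.get("DestinationHostname", ""),
        dst_ip=fields["DestinationIp"],
        dst_port=int(fields["DestinationPort"]),
    )


def classify(conn: NetConn) -> Optional[str]:
    """Return a finding label, or None when the connection looks benign."""
    proc = conn.image.rsplit("\\", 1)[-1].lower()
    if conn.dst_host.lower() in KNOWN_EXFIL_HOSTS:
        return "known-agenttesla-smtp-host"
    if conn.dst_port in SMTP_PORTS and proc not in MAIL_CLIENT_ALLOWLIST:
        # Executable masquerading as a document is the lure pattern here.
        if proc.endswith(".exe") and ".pdf" in proc:
            return "smtp-from-double-extension-executable"
        return "smtp-from-non-mail-client"
    return None


def scan(lines: List[str]) -> List[Tuple[str, str, int, str]]:
    """Run classify() over every record and keep the hits."""
    findings = []
    for line in lines:
        conn = parse_sysmon_line(line)
        label = classify(conn)
        if label:
            findings.append((conn.image, conn.dst_host or conn.dst_ip, conn.dst_port, label))
    return findings


# Constructed sample events, not real telemetry.
SAMPLE_EVENTS = [
    "Image=C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE"
    "|DestinationHostname=smtp.office365.com|DestinationIp=52.96.0.1|DestinationPort=587",
    f"Image=C:\\Users\\victim\\Downloads\\{TARGET}"
    "|DestinationHostname=mail.genitechpower.com|DestinationIp=203.0.113.10|DestinationPort=587",
    "Image=C:\\Windows\\System32\\svchost.exe"
    "|DestinationHostname=|DestinationIp=198.51.100.7|DestinationPort=465",
    "Image=C:\\Users\\victim\\AppData\\Local\\Temp\\INVOICE.pdf.exe"
    "|DestinationHostname=mail.example.net|DestinationIp=198.51.100.9|DestinationPort=25",
    "Image=C:\\Program Files\\Mozilla Firefox\\firefox.exe"
    "|DestinationHostname=example.com|DestinationIp=93.184.216.34|DestinationPort=443",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(hit)
```

The host match is the cheap, short-lived indicator; the process-to-port rule is what keeps catching AgentTesla after the operator rotates mail servers, because the stealer always speaks SMTP itself rather than through a mail client.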
Targets
-
AgentTesla
Agent Tesla is a .NET-based information stealer and remote access tool (RAT), originally written in Visual Basic .NET. It harvests credentials, keystrokes and clipboard contents; this sample exfiltrates them over SMTP using the account in the extracted config above.
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths and processes (typically via Add-MpPreference with -ExclusionExtension, -ExclusionPath and -ExclusionProcess) so the dropped payload is never scanned. Exclusion changes are recorded in the Microsoft-Windows-Windows Defender/Operational log as Event ID 5007 and, where script block logging is enabled, the command itself appears in PowerShell Event ID 4104.
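Spotting this behaviour in script block logs takes more than a literal string match, because the cmdlet and parameter names are routinely broken up with backticks or shortened to a prefix (PowerShell binds any unambiguous abbreviation, so -ExclusionE is -ExclusionExtension). The detector below is an added example, not part of the sandbox output; its inputs are constructed stand-ins for the ScriptBlockText of Event ID 4104, and the kill-switch parameter list is an assumption about what else an operator turns off.

```python
"""Detect Windows Defender exclusion tampering in PowerShell script-block logs.

Added example for this report; it is not part of the sandbox output. Each
input string stands in for the ScriptBlockText of PowerShell Event ID 4104
(Microsoft-Windows-PowerShell/Operational) and is constructed here. The
detector normalises cheap evasions before matching: backtick insertion
inside tokens and abbreviated parameter names.
"""
import re
from typing import Dict, List, Optional

# Cmdlets that change Defender preferences.
MP_CMDLETS = ("add-mppreference", "set-mppreference")

# Canonical parameter names. PowerShell accepts any unambiguous prefix
# (-ExclusionE binds to -ExclusionExtension), so abbreviations are
# resolved here rather than matched literally.
EXCLUSION_PARAMS = ("ExclusionPath", "ExclusionExtension", "ExclusionProcess")
KILL_SWITCH_PARAMS = ("DisableRealtimeMonitoring", "DisableBehaviorMonitoring",
                      "DisableIOAVProtection", "DisableScriptScanning")
ALL_PARAMS = EXCLUSION_PARAMS + KILL_SWITCH_PARAMS

# Lure file name from this report, used in a constructed sample below.
TARGET = "PURCHASE ORDER.pdf_____________________________________________________________________.exe"

# A parameter is '-Name' not glued to a preceding token (so the '-MpPreference'
# inside 'Add-MpPreference' does not match), followed by one or more
# comma-separated values: single-quoted, double-quoted, or bare.
_VALUE = r"'[^']*'|\"[^\"]*\"|(?!-)[^\s;|,]+"
ARG_RE = re.compile(rf"(?<!\S)(-[A-Za-z]+)\s+((?:{_VALUE})(?:\s*,\s*(?:{_VALUE}))*)")
_VALUE_SPLIT_RE = re.compile(r"'[^']*'|\"[^\"]*\"|[^\s,]+")


def normalise(script: str) -> str:
    """Remove backticks: the escape character is a no-op before ordinary letters."""
    return script.replace("`", "")


def resolve_param(token: str) -> Optional[str]:
    """Map '-ExclusionE' style abbreviations to the canonical parameter name."""
    name = token.lstrip("-").lower()
    matches = [p for p in ALL_PARAMS if p.lower().startswith(name)]
    # An ambiguous prefix (-ExclusionP: Path or Process?) is a PowerShell
    # binding error, so the command would not have executed; ignore it.
    return matches[0] if len(matches) == 1 else None


def analyse(script: str) -> Dict[str, List[str]]:
    """Return {canonical_param: [values]} for every Defender-weakening argument."""
    text = normalise(script)
    findings: Dict[str, List[str]] = {}
    if not any(c in text.lower() for c in MP_CMDLETS):
        return findings
    for flag, raw_values in ARG_RE.findall(text):
        param = resolve_param(flag)
        if param is None:
            continue
        values = [v.strip("'\"") for v in _VALUE_SPLIT_RE.findall(raw_values)]
        findings.setdefault(param, []).extend(values)
    return findings


# Constructed script blocks, not real telemetry.
SAMPLE_SCRIPT_BLOCKS = [
    # Plain exclusions for a path, two extensions and the dropper's own process.
    rf"Add-MpPreference -ExclusionPath 'C:\Users\victim\AppData\Roaming' "
    rf"-ExclusionExtension exe,scr -ExclusionProcess '{TARGET}'",
    # Backtick-obfuscated kill switch plus an abbreviated parameter name.
    "Set-Mp`Preference -DisableRealtime`Monitoring $true; Add-MpPre`ference -ExclusionE exe",
    # Benign: reading preferences, then a schedule change that weakens nothing.
    "Get-MpPreference | Select-Object -ExpandProperty ExclusionPath",
    "Set-MpPreference -ScanScheduleDay 1",
]

if __name__ == "__main__":
    for block in SAMPLE_SCRIPT_BLOCKS:
        print(analyse(block))
```

Pair this with Defender Event ID 5007, which records the resulting exclusion registry values regardless of how the command was spelled; the script block view adds the attribution (which process ran what) that 5007 lacks.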
-
Checks computer location settings
Reads the country/region code configured in the registry (typically the user's GeoID under HKCU\Control Panel\International\Geo\Nation), most likely to geofence execution so the payload only runs in, or avoids, particular countries.
-
Suspicious use of SetThreadContext
SetThreadContext overwrites a thread's saved register state. Malware uses it to point a suspended thread at injected code, the final step of process hollowing and thread hijacking, so a call from a non-debugger process against another process's thread is a strong injection indicator.
-