General
-
Target
Bill of Ladden,Invoice & Packing List.exe
-
Size
692KB
-
Sample
240617-v49mfsxelg
-
MD5
3abca3d01e518e48b9d575b2bbdc65c8
-
SHA1
85d9b7354ac39e47fdd2abb42989ca128c45315d
-
SHA256
3bab8fe003450bf70cd9ec8c2b92d042d92167da4942046f104f6b3139663a96
-
SHA512
a7cc95fd098df66fa96e04941e032927a5b088f74865f501bf476095e8b236775e4818f2b70c7d4dfadae4e9d1fde7c9c5e836bfcc5839a20c6a5f2212a8a05c
-
SSDEEP
12288:uKByCK2xrOoyepvItIvwJq1kugH+s++zfq0HNqbR1FjOgpkR:LByC5yoapsubQ+f3tM1q
Static task
static1
Behavioral task
behavioral1
Sample
Bill of Ladden,Invoice & Packing List.exe
Resource
win7-20240611-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.jvpgclub.com - Port:
587 - Username:
[email protected] - Password:
Suman$2024 - Email To:
[email protected]
Targets
-
-
Target
Bill of Ladden,Invoice & Packing List.exe
-
Size
692KB
-
MD5
3abca3d01e518e48b9d575b2bbdc65c8
-
SHA1
85d9b7354ac39e47fdd2abb42989ca128c45315d
-
SHA256
3bab8fe003450bf70cd9ec8c2b92d042d92167da4942046f104f6b3139663a96
-
SHA512
a7cc95fd098df66fa96e04941e032927a5b088f74865f501bf476095e8b236775e4818f2b70c7d4dfadae4e9d1fde7c9c5e836bfcc5839a20c6a5f2212a8a05c
-
SSDEEP
12288:uKByCK2xrOoyepvItIvwJq1kugH+s++zfq0HNqbR1FjOgpkR:LByC5yoapsubQ+f3tM1q
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-