General
- Target: MV TB QUANZHOU FULL DESCRIPTIONS 18-06-2024.exe
- Size: 1.4MB
- Sample: 240618-ss15tsyhrf
- MD5: 4f28e13fed437e82ac249902f4f6a2c5
- SHA1: 0dfbf2130e050e55a54680e5bbf68850233aaf93
- SHA256: 615220f794e0a78c563dcec24f6ddfe01fc518a720ed3231f0cdd8733247fcaf
- SHA512: e2613e4f277a6c5e2bd9ed844ec1b7afa04eb5f6692ecaf7a3d6a0ced414c0efe2cf541daa433edd89a9bfd4fe7a4cf636d88dc13024848155eec407f0ef9282
- SSDEEP: 24576:cAHnh+eWsN3skA4RV1Hom2KXMmHanpl08MR/j+4SJblmurHLFE5:7h+ZkldoPK8YanpfMR/j+48Lrc
Static task
- static1
Behavioral task
- behavioral1: Sample MV TB QUANZHOU FULL DESCRIPTIONS 18-06-2024.exe, Resource win7-20240611-en
Behavioral task
- behavioral2: Sample MV TB QUANZHOU FULL DESCRIPTIONS 18-06-2024.exe, Resource win10v2004-20240611-en
Malware Config
Extracted: agenttesla
- Protocol: ftp
- Host: ftp://ftp.kenvue.cam
- Port: 21
- Username: [email protected]
- Password: adreport12345
Targets
- Target: MV TB QUANZHOU FULL DESCRIPTIONS 18-06-2024.exe
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext