General
Target: Remittance Advice.exe
Size: 586KB
Sample: 240619-lq26sasfjq
MD5: acb0acfc7c97d9cdbe9bcd8deccc2113
SHA1: 7e57a316d051a2c560783e59bb7d5ebe658380f4
SHA256: cfe669ff40d1958d9566346fb1875fd88f910a4e8cdde92de5ade9a5e9b08f02
SHA512: 939989e86506c7bfb5f2b8effda4432924ed3a291aa4da064bbf4fb8953b8b4b063108f91bff131fd046e46c9f5d0e8b60b8190828f38b8ef5627900531a8a9d
SSDEEP: 12288:fYV6MorX7qzuC3QHO9FQVHPF51jgcQjA71nXExRjnpM7B:sBXu9HGaVHLBXExNqF
Behavioral task: behavioral1
Sample: Remittance Advice.exe
Resource: win7-20240611-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.fokusmuhnedislik.com
Port: 587
Username: [email protected]
Password: IFYBVGQ1
Email To: [email protected]
Targets
Target: Remittance Advice.exe
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext