General
-
Target
XIN LIAN OCEAN - 12th hire.rar
-
Size
588KB
-
Sample
240619-ssmbnsxdjp
-
MD5
45c720a2b4f28b52c5db6f7582eaf0ac
-
SHA1
749e563bb983ef96087f2597423b971cc012bc22
-
SHA256
a4c04980defc06c392ab44b4a1a6ec33bed85edefdaa4ddf9b0fcb2d37587e3d
-
SHA512
c9a4265f332833258619c5043bd8b17db539d3e048353b7d28b2b8b41c31de090c7f64798e837b93abee46d3b0e9395d11d53c584ff96a078d3162b6d8b7dbc5
-
SSDEEP
12288:BwK8edctZNpH7DDwXxQ7ursuRc3UBY8fKdNIVTiq9A81uSSKAM4:BwedctZL0xQ7urpR1LHVhA83k
Static task
static1
Behavioral task
behavioral1
Sample
XIN LIAN OCEAN - 12th hire.exe
Resource
win7-20240508-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.rrcindia.co.in - Port:
587 - Username:
[email protected] - Password:
Goyal@0783 - Email To:
[email protected]
Targets
-
-
Target
XIN LIAN OCEAN - 12th hire.exe
-
Size
619KB
-
MD5
54717bd17e89c3a6f5a50dcf44eac950
-
SHA1
f501915427a67f49e84610bcda2815e1878f42c3
-
SHA256
16543a3c488ed91a0a0a6c0ae664808f054a6675924826eb2b0174e007fdd1bb
-
SHA512
b76f2c391b418f238b3c5ab95e91131b4dc483fbad626f53e70e355e9f7d72a3b299d325b3d7930defcede4875307a705d70cc91d6d67ade5aea04a10ce7ec11
-
SSDEEP
12288:awiwSEb5Oy9jciqU09DZOi4WUi51EUJIkzsfu2WRP89RFkj7D:7jwajp09DZjUiTnIssfuxGb2
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-