General
Target: Potwierdzenie zamówienia.doc.exe
Size: 980KB
Sample: 240625-km58lasfkq
MD5: 0467f16b8891b0099fa42bd814fcdb74
SHA1: 814610a42c6b96cd2cc06960e8611e76815f9194
SHA256: 0e063e3eebf7902a502fecbb863f3b63081bd444ce3bb2d7d50b03a515acb4a9
SHA512: 3ff0f6ef113b9f4025dacaa8976ec1faaf12d7cd056bab973ef47c4ef3df0c117a2e2b9bdc76093a2c915716e69487f78694e9552ef97c82411eaf350b2c721d
SSDEEP: 24576:k0m/x4xgF9hmDGvCEcXWZ64mZPWM1H2f:k0PgBZI7hWMF2f
Static task: static1
Behavioral task: behavioral1
  Sample: Potwierdzenie zamówienia.doc.exe
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: Potwierdzenie zamówienia.doc.exe
  Resource: win10v2004-20240611-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.caldas-cca.com
Port: 587
Username: [email protected]
Password: M34gN34sZS0Az
Email To: [email protected]
Targets
Target: Potwierdzenie zamówienia.doc.exe
Size: 980KB
MD5: 0467f16b8891b0099fa42bd814fcdb74
SHA1: 814610a42c6b96cd2cc06960e8611e76815f9194
SHA256: 0e063e3eebf7902a502fecbb863f3b63081bd444ce3bb2d7d50b03a515acb4a9
SHA512: 3ff0f6ef113b9f4025dacaa8976ec1faaf12d7cd056bab973ef47c4ef3df0c117a2e2b9bdc76093a2c915716e69487f78694e9552ef97c82411eaf350b2c721d
SSDEEP: 24576:k0m/x4xgF9hmDGvCEcXWZ64mZPWM1H2f:k0PgBZI7hWMF2f
Score: 10/10
Signatures:
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext