General
-
Target
YU HENG STAR.PDF.lzh
-
Size
615KB
-
Sample
240625-l9v7kswhnl
-
MD5
01e22fe838dd78b08240e724cd80199c
-
SHA1
4dd4a551b04bfa64d2482a134ff3ef5b5bba547b
-
SHA256
7363b8e62c1b72eaa17fd0a40ad415df67a97352b3bd65a8b25d2a14bf8b0bc4
-
SHA512
00053122375a3c4aed668b21926ad7ff44ae3be07126d0e45fef17b29a5d9438a6c2e120c4deef4070d614e91bd20ea9007067e521d50194c63817497e5fe542
-
SSDEEP
12288:3UB491I7V3vckc2+Nr/LoGG6nQu81DMVvEZzK8+lrEGRC5rHwdl/3OUgy+9Wq:3U4uvckc2YTLoGHODwvpZnC5Mdl/gyaT
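The container here is an LZH (LHA) archive, a format most mail and endpoint scanners inspect less thoroughly than ZIP, holding a screensaver executable named to look like a PDF. As an added example (not part of this sandbox report and not the sample's own code), the block below parses LZH level 0, 1 and 2 headers to list members without decompressing anything, then flags double-extension executables and stored (`-lh0-`) members that begin with an MZ header. The archive it inspects is constructed by its own header writer with the same member name as the report; the real sample's header level and compression method are not given on the page, so those are assumptions.

```python
"""Minimal LZH/LHA member lister with lure-file triage (levels 0, 1, 2)."""
import struct
from dataclasses import dataclass

EXEC_EXTS = {".scr", ".exe", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".hta"}
LURE_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}


@dataclass
class LhaEntry:
    name: str
    method: str        # e.g. "-lh5-"; "-lh0-" means stored uncompressed
    level: int         # header level 0, 1 or 2
    packed_size: int
    original_size: int
    data_offset: int   # where the member's (possibly compressed) bytes start


def u16(buf, off):
    return struct.unpack_from("<H", buf, off)[0]


def ext_headers(buf, pos):
    """Walk extended headers from their first size field: [size:2][type:1][data:size-3],
    a size of 0 ends the chain. Returns ({type: data}, offset past the terminator)."""
    ext = {}
    while True:
        size = u16(buf, pos)
        if size == 0:
            return ext, pos + 2
        if size < 3:
            raise ValueError(f"bad extended header size {size} at {pos}")
        ext[buf[pos + 2]] = buf[pos + 3:pos + size]
        pos += size


def parse_lha(buf: bytes):
    """List archive members. A 0 in the first header byte marks end of archive
    (level-2 writers pad the header so its size never has a zero low byte)."""
    entries, pos = [], 0
    while pos < len(buf) and buf[pos] != 0:
        if pos + 22 > len(buf):
            raise ValueError("truncated header")
        level = buf[pos + 20]
        packed, original = struct.unpack_from("<II", buf, pos + 7)
        if level in (0, 1):
            hsize = buf[pos]
            # checksum byte = sum of `hsize` bytes starting at offset 2, mod 256
            if sum(buf[pos + 2:pos + 2 + hsize]) & 0xFF != buf[pos + 1]:
                raise ValueError(f"header checksum mismatch at offset {pos}")
            nlen = buf[pos + 21]
            raw_name = buf[pos + 22:pos + 22 + nlen]
            if level == 0:
                data_off = pos + 2 + hsize
                next_pos = data_off + packed
            else:  # level 1: name, crc(2), os-id(1), then ext headers; `packed` already includes them
                ext, data_off = ext_headers(buf, pos + 25 + nlen)
                raw_name = ext.get(0x01, raw_name)
                next_pos = pos + 2 + hsize + packed
        elif level == 2:
            hsize = u16(buf, pos)                  # total header size incl. ext headers
            ext, _ = ext_headers(buf, pos + 24)
            raw_name = ext.get(0x01, b"")          # file name lives in ext header 0x01
            data_off = pos + hsize
            next_pos = data_off + packed
        else:
            raise ValueError(f"unsupported header level {level}")
        method = buf[pos + 2:pos + 7].decode("ascii", "replace")
        name = raw_name.decode("cp932", "replace")  # LHA names use the creator's codepage
        entries.append(LhaEntry(name, method, level, packed, original, data_off))
        pos = next_pos
    return entries


def write_level0(name: bytes, data: bytes, method=b"-lh0-") -> bytes:
    """Constructed level-0 entry; file CRC left as 0 (parse_lha does not verify it)."""
    body = (method + struct.pack("<II", len(data), len(data)) + bytes(4)   # time/date
            + b"\x20\x00" + bytes([len(name)]) + name + bytes(2))          # attr, level, name, crc
    return bytes([len(body), sum(body) & 0xFF]) + body + data


def write_level2(name: bytes, data: bytes, method=b"-lh0-") -> bytes:
    """Constructed level-2 entry with the file name in extended header 0x01."""
    ext = struct.pack("<H", 3 + len(name)) + b"\x01" + name + struct.pack("<H", 0)
    base = (method + struct.pack("<III", len(data), len(data), 0)   # packed, original, unix time
            + b"\x20\x02" + bytes(2) + b"M")                        # reserved, level, crc, OS id
    return struct.pack("<H", 2 + len(base) + len(ext)) + base + ext + data


def build_sample_archive() -> bytes:
    """Constructed stand-in for the .lzh on the page (NOT the real sample): a harmless
    text member plus a stored '.PDF.scr' member whose bytes start with an MZ stub."""
    fake_pe = b"MZ" + bytes(62) + b"PE\0\0" + bytes(26)
    return (write_level0(b"README.txt", b"open the attached quotation\n")
            + write_level2(b"YU HENG STAR.PDF.scr", fake_pe) + b"\x00")


def triage(buf: bytes):
    """Return [(member name, [reasons])] for members that look like disguised executables."""
    findings = []
    for e in parse_lha(buf):
        base = e.name.lower().replace("\\", "/").rsplit("/", 1)[-1]
        exts = ["." + p for p in base.split(".")[1:]]
        reasons = []
        if exts and exts[-1] in EXEC_EXTS:
            reasons.append(f"executable extension {exts[-1]}")
            if len(exts) > 1 and exts[-2] in LURE_EXTS:
                reasons.append(f"double extension posing as {exts[-2]}")
        # only a stored member can be magic-sniffed without decompressing it
        if e.method == "-lh0-" and buf[e.data_offset:e.data_offset + 2] == b"MZ":
            reasons.append("stored payload starts with an MZ (PE) header")
        if reasons:
            findings.append((e.name, reasons))
    return findings


if __name__ == "__main__":
    archive = build_sample_archive()
    for e in parse_lha(archive):
        print(f"{e.name:24s} level={e.level} {e.method} {e.original_size} bytes")
    for name, reasons in triage(archive):
        print("SUSPICIOUS:", name, "->", "; ".join(reasons))
```

For a compressed member (`-lh5-`, `-lh7-`) the MZ check needs the member decompressed first; the name-based checks still apply, and a real hash match against the SHA256 values on this page would be done on the extracted file, not on the archive.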
Static task
static1
Behavioral task
behavioral1
Sample
YU HENG STAR.PDF.scr
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
YU HENG STAR.PDF.scr
Resource
win10v2004-20240611-en
Malware Config
Extracted
agenttesla
Protocol: ftp
Host: ftp://beirutrest.com
Port: 21
Username: [email protected]
Password: 9yXQ39wz(uL+
Extracted
Protocol: ftp
Host: beirutrest.com
Port: 21
Username: [email protected]
Password: 9yXQ39wz(uL+
Targets
-
-
Target
YU HENG STAR.PDF.scr
-
Size
661KB
-
MD5
7359f4e87c30694572e3b8114c231d3d
-
SHA1
ec4fb04fcbae5e464795c1589c352a4c6521c452
-
SHA256
1e8be8a54b18368f46ec0d47a0931bacb773855f49c0b444dcbff60502e71fb6
-
SHA512
4a7425980e88a7009bf1f1b6974bd8b6e3ba7e7e880c2975282113f2aa32eeba6dc0177e0643b4dad0fca58179a3ec7473f7d8db2cd239b7d0265261c55dc354
-
SSDEEP
12288:5a4wtNTxp+3tDwOzR8iucTfsINp7F82s8jUApCDrtRc4yNpC:A3p+NwOWiucLVp7aztAp8gn
Score 10/10
-
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer; early builds were written in VB.NET. It harvests saved browser, mail and FTP client credentials, keystrokes and clipboard contents and sends them out over SMTP, FTP or HTTP; the configuration extracted from this sample uses FTP.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP, which the stealer includes in the report it exfiltrates. The request itself is benign traffic, so treat it as a correlation signal alongside the outbound FTP session rather than as an alert on its own.
-
Suspicious use of SetThreadContext
SetThreadContext is called to point a suspended thread at injected code, the final step of process hollowing (RunPE): the decrypted payload is written into a benign-looking host process whose original image has been unmapped, so the stealer runs under that process's name.
-