General
Target: Letter Of Intent.rar
Size: 240KB
Sample: 240625-lnjlnavfqp
MD5: bf529c1fb7c64dc3cd75d706c0b515f7
SHA1: a0094daca07d914aefba8023dbd3f8963e91a104
SHA256: 464c93aae13245401f57dfd8bf43449304893003689ee140a3c4f272c147e4c3
SHA512: b125a5ab7f59ed19bc278fbc0f3d97ad6811e58efb7ab0fccc99a793876d2e68d46191022558cf74b9e861241e44a2edcb0354178a289cc77af22f4985c48b5a
SSDEEP: 6144:MxHwGa7Up1qZm9vTYuH9kTM1msmxIRq61H/iecblZ6:yO7Up1qZSvDKTMN6IRHH650
Static task: static1
Behavioral task: behavioral1
  Sample: Letter Of Intent.vbe
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: Letter Of Intent.vbe
  Resource: win10v2004-20240508-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: 66.29.151.236
  Port: 587
  Username: [email protected]
  Password: AvydGQ8TIDH9
  Email To: [email protected]
Targets
Target: Letter Of Intent.vbe
Size: 1.2MB
MD5: 39eb2e490f0ee978f78ae64b4c83a058
SHA1: 66f9b5eaf2a5fda1d76f76c4aeaa40b0b5b56beb
SHA256: 78b7988aeae77efe1cf4f1bcf776911956f6668b3a8f74d35ae87219eab3b268
SHA512: 7f9c866ae003e4d80120ad949510c98fb5b74a5b0d7f81994130096c8efacb89e30d4a9308e4bb1baa5d801f257a4f3f648ed6e3b1b0fa148c7048549108d293
SSDEEP: 24576:srX9rJOHfhHtKdE6+WX2wcdgQtt4aCKIFMV+PANNLPM2H92W27PmM51YYuB9FwtA:p5Hr
Score: 10/10
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Blocklisted process makes network request
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of SetThreadContext