General
- Target: MT_07562_133420XLS.rar
- Size: 62KB
- Sample: 240625-psfbkstalk
- MD5: 1bae953b9c50304811b07f580adb5e83
- SHA1: f33585ef86b13bb67900a98c7ad54ef49b910d7b
- SHA256: 6368e7f6e1b8e793d7864486e101e6932208c7c17275dd3e73a8dc126019ec37
- SHA512: 0b067e6a163f4c6d2618e28a8ae9554991b7d3c7f60afa27ff28f376a7e01252570f2a31b4a799643bc203d256ce746d71e240d2e6b0e47586103094b42018b1
- SSDEEP: 1536:aKmL3l9ivmmHULUQaCtMPGvIDOQ56+uA47Pw7iRjI1XDBDQbUCvxV:xmh4vmMo+CtMOAU+uIWU1XDuYCZV
Static task
- static1
Behavioral tasks
- behavioral1: Sample MT_07562_133420XLS.exe, Resource win7-20240508-en
- behavioral2: Sample MT_07562_133420XLS.exe, Resource win10v2004-20240611-en
Malware Config
Extracted
- Protocol: smtp
- Host: 162.254.34.31
- Port: 587
- Username: [email protected]
- Password: ABwuRZS5Mjh5
Extracted (agenttesla)
- Protocol: smtp
- Host: 162.254.34.31
- Port: 587
- Username: [email protected]
- Password: ABwuRZS5Mjh5
- Email To: [email protected]
Targets
- Target: MT_07562_133420XLS.exe
- Size: 193KB
- MD5: 1dece18cd7dbc90b9c7cc14c32323fe2
- SHA1: 7d7b25abe1a2fccfec391243195183f46fd58075
- SHA256: 648c0b3c1b0dc2b6999e838be1d518dd85a64068fab427c45c13accb29903bcb
- SHA512: e58f328e913117b17f077cf4d86fd4e72861bf24d480812adf5d78a6735cec39dda6c146a5910dc2e1d5333c9acb05330a9cf9655178b21418f74813b43eff02
- SSDEEP: 3072:LBQysWswtzTMpJJJJJJJJJJJJJJJJJJJ9ICpf4gz2rqpWCCx:LBQ0smQKY4prq4CC
- AgentTesla: Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, originally written in Visual Basic .NET. It exfiltrates harvested credentials over SMTP, FTP or HTTP, which is why the extracted configuration above holds a mail server, a submission port (587) and mailbox credentials rather than a conventional C2 URL.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Adds Run key to start application: persistence through a registry Run key, so the executable is relaunched at every logon of the affected user.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP, which the stealer reports alongside the stolen data.
- Suspicious use of SetThreadContext: commonly seen when a loader starts a process suspended and redirects its main thread into injected code (process hollowing), so the final payload may execute under a different image name than the dropped executable.
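The indicators above (sample hashes, the SMTP host and port, the Run key and the external-IP lookup) are only useful if they are turned into something that runs over endpoint and network telemetry. The following script is an added example, not part of the sandbox report: it encodes those indicators as small matching rules and runs them over a constructed batch of Sysmon-style records. The record shape, the file path under Downloads, the Run value name, the SID and the list of IP-lookup domains are assumptions; the hashes, file name and 162.254.34.31:587 come from the report.

```python
"""Hunt for the indicators in this report across constructed endpoint telemetry.

Added example, not part of the sandbox report. EVENTS are constructed
Sysmon-style records: field names follow Sysmon, values are invented except
the hashes, file name and SMTP host/port, which are taken from the report.
"""
import re

# Indicators lifted from the report above.
C2_HOST, C2_PORT = "162.254.34.31", 587
SAMPLE_SHA256 = {
    "6368e7f6e1b8e793d7864486e101e6932208c7c17275dd3e73a8dc126019ec37",  # .rar
    "648c0b3c1b0dc2b6999e838be1d518dd85a64068fab427c45c13accb29903bcb",  # .exe
}
# Assumption: the report only says "a legitimate IP lookup service", so this is
# an illustrative list of public services, not the one the sample used.
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com", "ip-api.com"}
# Sysmon logs HKCU as HKU\<SID>\..., so accept HKCU, HKLM and HKU\<SID> roots.
RUN_KEY_RE = re.compile(
    r"^HK(CU|LM|U\\[^\\]+)\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.I)

EXE = r"C:\Users\victim\Downloads\MT_07562_133420XLS.exe"  # constructed path
CHROME = r"C:\Program Files\Google\Chrome\chrome.exe"        # benign noise
EVENTS = [  # constructed; the Run value name and SID are assumptions
    {"time": "2024-06-25T10:00:01Z", "type": "process_create", "Image": EXE,
     "Hashes": "SHA256=648C0B3C1B0DC2B6999E838BE1D518DD85A64068FAB427C45C13ACCB29903BCB"},
    {"time": "2024-06-25T10:00:02Z", "type": "registry_set", "Image": EXE,
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows"
                     r"\CurrentVersion\Run\MT_07562_133420XLS"},
    {"time": "2024-06-25T10:00:03Z", "type": "dns_query", "Image": EXE,
     "QueryName": "api.ipify.org"},
    {"time": "2024-06-25T10:00:04Z", "type": "network_connect", "Image": EXE,
     "DestinationIp": "162.254.34.31", "DestinationPort": "587"},
    {"time": "2024-06-25T10:00:05Z", "type": "dns_query", "Image": CHROME,
     "QueryName": "www.microsoft.com"},
    {"time": "2024-06-25T10:00:06Z", "type": "network_connect", "Image": CHROME,
     "DestinationIp": "142.250.80.46", "DestinationPort": "443"},
]


def parse_hashes(field):
    """Sysmon's Hashes field looks like 'SHA256=...,MD5=...'; normalise to lowercase hex."""
    out = {}
    for part in field.split(","):
        algo, _, val = part.partition("=")
        if val:
            out[algo.strip().upper()] = val.strip().lower()
    return out


def rule_known_hash(ev):
    # Process creation of a binary whose SHA256 is one of the report's samples.
    if ev["type"] == "process_create" and \
            parse_hashes(ev.get("Hashes", "")).get("SHA256") in SAMPLE_SHA256:
        return "known_sample_hash"


def rule_run_key(ev):
    # Run key persistence; RunOnce and other keys deliberately do not match.
    if ev["type"] == "registry_set" and RUN_KEY_RE.match(ev.get("TargetObject", "")):
        return "run_key_persistence"


def rule_ip_lookup(ev):
    if ev["type"] == "dns_query" and ev.get("QueryName", "").lower().rstrip(".") in IP_LOOKUP_HOSTS:
        return "external_ip_lookup"


def rule_smtp_c2(ev):
    # Exfiltration goes to the mail server from the extracted config, port 587 only.
    if (ev["type"] == "network_connect" and ev.get("DestinationIp") == C2_HOST
            and int(ev.get("DestinationPort", 0)) == C2_PORT):
        return "agenttesla_smtp_c2"


RULES = (rule_known_hash, rule_run_key, rule_ip_lookup, rule_smtp_c2)


def hunt(events):
    """Return one hit per (event, rule) match, in event order."""
    hits = []
    for ev in events:
        for rule in RULES:
            name = rule(ev)
            if name:
                hits.append({"rule": name, "image": ev.get("Image"), "time": ev["time"]})
    return hits


def score_by_image(hits):
    """Distinct rules tripped per process image. A Run key or an IP lookup alone is
    weak evidence; one image tripping all four is a confident AgentTesla verdict."""
    by_image = {}
    for h in hits:
        by_image.setdefault(h["image"], set()).add(h["rule"])
    return by_image


if __name__ == "__main__":
    for h in hunt(EVENTS):
        print(h["time"], h["rule"], h["image"])
    for image, rules in score_by_image(hunt(EVENTS)).items():
        print(f"{image}: {len(rules)} rule(s) -> {sorted(rules)}")
```

Run stand-alone it lists four hits, all attributed to the dropped executable, while the Chrome records produce none. The SMTP rule matches only the exact host and port from the extracted configuration; if the sample's loader hollows another process (the SetThreadContext signature above), the `Image` on the network and DNS records will be that host process rather than MT_07562_133420XLS.exe, which is why the grouping in `score_by_image` should be read alongside parent-process data in real telemetry.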