General

Target: Purchase Order UHS - Laos PO 11032.exe.zip
Size: 752 KB
Sample: 240910-xrpgvszdmk
MD5: 144a8d17785ee1f5a8b1b1c869d62408
SHA1: 8ed92d76f55ca610825d47d469c6a6b517a957a3
SHA256: e2c55016de68f9ce5bfdcee09ee6c81cd26d0ffcc0c8909cc72b5da3bb15bec3
SHA512: 8a2acabaef7e95d6d90198c1bc7329f50323b56917eb59f1f2df01f9d7b63f4096307f51651182dffbd7cd8e02a88b1a3912e7a27ba1b7c1fa833be131d7a7a4
SSDEEP: 12288:zryKw+LTD8BPLLuRNk9flpQhcEkpO/hoN+kEjUF09M+cCr+qwIPXkIxpcbSu:fBw+kyRcQqEkyhoN+VUF09MFCrjVxBu
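The submitted object is a zip whose name ends in ".exe.zip", and the behavioural tasks ran the PE it contains. The following is an added example (not part of the sandbox report) of how an analyst can triage such an archive offline: list the members without executing or extracting them to disk, hash each one, flag double extensions and PE magic, and compare the hashes with the IOCs listed above. The zip it inspects is constructed in memory and is not the real sample, so its hashes will not match; the helper names (triage_zip, match_ioc, has_double_extension) are this example's own. SSDEEP is omitted because it needs a third-party library.

```python
"""Offline triage of a ".exe.zip" delivery archive against the report's hash IOCs."""
import hashlib
import io
import zipfile

# Hashes copied from the report: the outer archive and the inner PE.
KNOWN_SHA256 = {
    "e2c55016de68f9ce5bfdcee09ee6c81cd26d0ffcc0c8909cc72b5da3bb15bec3": "outer zip (Purchase Order UHS - Laos PO 11032.exe.zip)",
    "97b779c4ac8c33592bd548093f57dea6d8e2a2fdc21ae9742399472bff0f0698": "inner PE (behavioral sample)",
}
KNOWN_MD5 = {
    "144a8d17785ee1f5a8b1b1c869d62408": "outer zip (Purchase Order UHS - Laos PO 11032.exe.zip)",
    "823fe9c578d1d7d4c15c0956cae9f3c3": "inner PE (behavioral sample)",
}

# Extensions Windows will execute on double-click (assumed list for the example).
EXEC_EXTS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs")


def hash_bytes(data: bytes) -> dict:
    """Compute the same four digests the report publishes."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def match_ioc(hashes: dict):
    """Return the report label for a known digest, or None if nothing matches."""
    return KNOWN_SHA256.get(hashes["sha256"]) or KNOWN_MD5.get(hashes["md5"])


def has_double_extension(name: str) -> bool:
    """True for names like 'PO.exe.zip' or 'invoice.pdf.exe' (an executable
    extension hidden among several extensions); 'setup.exe' alone is not flagged."""
    base = name.lower().rsplit("/", 1)[-1]
    parts = base.split(".")
    return len(parts) >= 3 and any("." + p in EXEC_EXTS for p in parts[1:])


def triage_zip(zip_bytes: bytes, max_member_size: int = 50 * 1024 * 1024) -> list:
    """Inspect every member of an in-memory zip; nothing is written to disk or run."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if info.file_size > max_member_size:  # crude zip-bomb guard
                findings.append({"name": info.filename, "skipped": "member too large"})
                continue
            data = zf.read(info)
            h = hash_bytes(data)
            findings.append({
                "name": info.filename,
                "size": info.file_size,
                "is_pe": data[:2] == b"MZ",
                "executable_extension": info.filename.lower().endswith(EXEC_EXTS),
                "double_extension": has_double_extension(info.filename),
                "sha256": h["sha256"],
                "ioc_match": match_ioc(h),
            })
    return findings


def build_sample_zip() -> bytes:
    """Constructed stand-in for the submitted archive: one fake PE with an .exe name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        fake_pe = b"MZ" + b"\x00" * 62 + b"PE\x00\x00" + b"\x90" * 100
        zf.writestr("Purchase Order UHS - Laos PO 11032.exe", fake_pe)
    return buf.getvalue()


if __name__ == "__main__":
    archive = build_sample_zip()
    print("outer archive:", hash_bytes(archive)["sha256"], match_ioc(hash_bytes(archive)))
    for f in triage_zip(archive):
        print(f)
```

The same checks apply to a real submission by reading the archive from disk into `triage_zip`; an `ioc_match` of anything other than None is a confirmed hit on the hashes above, while `is_pe` plus `executable_extension` on a member of a "purchase order" attachment is reason enough to detonate it in a sandbox rather than open it.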
Static task: static1

Behavioral task: behavioral1
Sample: 97b779c4ac8c33592bd548093f57dea6d8e2a2fdc21ae9742399472bff0f0698.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: 97b779c4ac8c33592bd548093f57dea6d8e2a2fdc21ae9742399472bff0f0698.exe
Resource: win10v2004-20240802-en
Malware Config

Targets

Target: 97b779c4ac8c33592bd548093f57dea6d8e2a2fdc21ae9742399472bff0f0698
Size: 1.1 MB
MD5: 823fe9c578d1d7d4c15c0956cae9f3c3
SHA1: 2aac0448f918b51b9e05885b55a1bc98878011f4
SHA256: 97b779c4ac8c33592bd548093f57dea6d8e2a2fdc21ae9742399472bff0f0698
SHA512: c8d53d4d740362470e4c3754f7cf4062139adf0cf5ee7698dc8c3832cd23d0cea2d98e685108a9c26ef3d71a845d01b5104bf5f90474d4f055951fd12d1d8266
SSDEEP: 24576:B4lavt0LkLL9IMixoEgeaUMDXpwgpRdq9MmCS:Qkwkn9IMHeaUMjptlaPCS
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer.

Credentials from Password Stores: Credentials from Web Browsers
Malicious access to, or copying of, a web browser's credential store.

Accesses Microsoft Outlook profiles
Reads the Outlook profile data under which stored mail account settings and credentials live.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP address. On its own this is weak evidence, since benign tools do the same; it matters here in combination with the credential access above.

Suspicious use of SetThreadContext
SetThreadContext overwrites the register state of another thread and is a common building block of process hollowing and other code injection techniques.
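The three host and network signatures above (browser credential stores, Outlook profiles, external IP lookup) leave file, registry and network telemetry that a detection engineer can match outside a sandbox. The following is an added example, not the sandbox's own logic, that runs such checks over a handful of constructed Sysmon-style events and then requires more than one signature per process before calling it suspicious, so that a lone IP lookup by a benign tool is not enough. The credential-store paths, Outlook registry locations and IP-lookup hostnames are assumptions about well-known locations, not values extracted from this sample; the event records, process names and helper names (classify, run_detections, suspicious_processes) are this example's own. SetThreadContext is not modelled because it needs API-level monitoring rather than file, registry or network logs.

```python
"""Match the report's behavioural signatures against constructed host telemetry."""
import re

# Chromium-family "Login Data" and Firefox logins.json / key database (assumed well-known paths).
BROWSER_CRED_FILES = re.compile(
    r"(\\User Data\\[^\\]+\\Login Data$)"
    r"|(\\Mozilla\\Firefox\\Profiles\\[^\\]+\\(logins\.json|key4\.db|key3\.db)$)",
    re.IGNORECASE,
)
# Outlook profile hives for Office 2013+ and the legacy MAPI location (assumed well-known keys).
OUTLOOK_PROFILE_KEYS = re.compile(
    r"^HKCU\\Software\\Microsoft\\Office\\\d+\.0\\Outlook\\Profiles\\"
    r"|^HKCU\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\",
    re.IGNORECASE,
)
# Public "what is my IP" services (assumed list; extend from your own proxy logs).
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com", "ipinfo.io", "ifconfig.me"}
# Applications allowed to touch their own stores.
OWN_PROCESSES = {"chrome.exe", "msedge.exe", "brave.exe", "opera.exe", "firefox.exe", "outlook.exe"}

SIG_BROWSER = "Credentials from Web Browsers"
SIG_OUTLOOK = "Accesses Microsoft Outlook profiles"
SIG_IPLOOKUP = "Looks up external IP address via web service"


def classify(event: dict) -> list:
    """Return the signatures a single event triggers. An event has an 'image'
    (process path), a 'type' (FileAccess, RegistryAccess, NetworkConnect) and a 'target'."""
    proc = event["image"].rsplit("\\", 1)[-1].lower()
    etype, target = event["type"], event["target"]
    hits = []
    if etype == "FileAccess" and BROWSER_CRED_FILES.search(target) and proc not in OWN_PROCESSES:
        hits.append(SIG_BROWSER)
    if etype == "RegistryAccess" and OUTLOOK_PROFILE_KEYS.search(target) and proc not in OWN_PROCESSES:
        hits.append(SIG_OUTLOOK)
    if etype == "NetworkConnect" and target.lower() in IP_LOOKUP_HOSTS:
        hits.append(SIG_IPLOOKUP)
    return hits


def run_detections(events: list) -> dict:
    """Aggregate distinct signatures per process image, the way a sandbox tags a run."""
    per_process = {}
    for ev in events:
        for sig in classify(ev):
            per_process.setdefault(ev["image"], set()).add(sig)
    return per_process


def suspicious_processes(events: list, min_signatures: int = 2) -> set:
    """Processes with at least min_signatures distinct hits; a single IP lookup is not enough."""
    return {img for img, sigs in run_detections(events).items() if len(sigs) >= min_signatures}


# Constructed events modelled on the behaviour listed in the report; not real telemetry.
MALWARE = r"C:\Users\victim\AppData\Local\Temp\PO 11032.exe"
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
CURL = r"C:\Windows\System32\curl.exe"
SAMPLE_EVENTS = [
    {"image": MALWARE, "type": "FileAccess",
     "target": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"image": MALWARE, "type": "FileAccess",
     "target": r"C:\Users\victim\AppData\Roaming\Mozilla\Firefox\Profiles\abc123.default-release\logins.json"},
    {"image": MALWARE, "type": "RegistryAccess",
     "target": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676"},
    {"image": MALWARE, "type": "NetworkConnect", "target": "api.ipify.org"},
    # Benign noise: the browser reading its own store, and an admin's curl hitting an IP service.
    {"image": CHROME, "type": "FileAccess",
     "target": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"image": CURL, "type": "NetworkConnect", "target": "ifconfig.me"},
]

if __name__ == "__main__":
    for image, sigs in run_detections(SAMPLE_EVENTS).items():
        print(image, "->", sorted(sigs))
    print("suspicious:", suspicious_processes(SAMPLE_EVENTS))
```

Run against the constructed events, the dropped executable collects all three signatures and is the only process reported as suspicious; chrome.exe is excluded because it owns the store it reads, and curl.exe registers the IP lookup alone, which is exactly the "legitimate service" caveat the report's description makes.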