General
-
Target
staff recordpdf2024.exe
-
Size
1.1MB
-
Sample
240913-lrl6yswgkj
-
MD5
0ec5e7c925699592bb6d5601cc7c30fd
-
SHA1
70f3707bb78d9fdd8e63c9a4ca69b3569c1311d0
-
SHA256
a0a9417b529beeb5889f15445f335e71b54815d8333048da716299fffac32d9f
-
SHA512
6f2568d66fd0f88a2ef3dbca9e49e0ccf0c22d01b81c6a0f25a8ff58f9d712e3932d5db51d4feba25e382f503f583a79d664d2f013aac7590d8b06526b6b5fc8
-
SSDEEP
24576:yCdxte/80jYLT3U1jfsWapOEmkOKkmg956Q:jw80cTsjkWapqFmg9j
Static task
static1
Behavioral task
behavioral1
Sample
staff recordpdf2024.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
staff recordpdf2024.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
Protocol: smtp- Host:
mail.myhydropowered.com - Port:
587 - Username:
[email protected] - Password:
nW5AoStmqtxtXpA
Extracted
agenttesla
Protocol: smtp- Host:
mail.myhydropowered.com - Port:
587 - Username:
[email protected] - Password:
nW5AoStmqtxtXpA - Email To:
[email protected]
Targets
-
-
Target
staff recordpdf2024.exe
-
Size
1.1MB
-
MD5
0ec5e7c925699592bb6d5601cc7c30fd
-
SHA1
70f3707bb78d9fdd8e63c9a4ca69b3569c1311d0
-
SHA256
a0a9417b529beeb5889f15445f335e71b54815d8333048da716299fffac32d9f
-
SHA512
6f2568d66fd0f88a2ef3dbca9e49e0ccf0c22d01b81c6a0f25a8ff58f9d712e3932d5db51d4feba25e382f503f583a79d664d2f013aac7590d8b06526b6b5fc8
-
SSDEEP
24576:yCdxte/80jYLT3U1jfsWapOEmkOKkmg956Q:jw80cTsjkWapqFmg9j
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-