General
-
Target
17092024_0456_17092024_PO4356823.rar
-
Size
815KB
-
Sample
240917-fk3bpsvhph
-
MD5
6631e6af36b135b6beb09b57c9b61653
-
SHA1
7dce87f07d1d7195569e3d610ff6e5cd9f8000ac
-
SHA256
bdd8d6c312556d3ccc406f3484e159b140035e5b0c83fa361a0d802f3d911a30
-
SHA512
462bb545382186c5bd21a1ff638648a6eefe147ce7129c0673d7266081351b051884dff7585116aa84a4dbfbc9a4de8be5066dd0fffaf61187839ae35bfeac1e
-
SSDEEP
12288:p+6Us22R2wE3Q4HNJiCojN3eCgrt9zyUZQwiLqBPf89BNvVuAFI4Gq/+Wie3qQb/:pSR0LD4tJiCxryUVjPf8Ba4hGHfQbI0
Static task
static1
Behavioral task
behavioral1
Sample
PO4356823.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
PO4356823.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.bonnyriggdentalsurgery.com.au
Port: 587
Username: [email protected]
Password: eL)rV@QBKA#m
Email To: [email protected]
Targets
-
-
Target
PO4356823.exe
-
Size
1.1MB
-
MD5
07a958109854778ba3f891872d8d0734
-
SHA1
4dc9a5067843fccd066bc6de7386760471ce46de
-
SHA256
3251093aa6fdae864fe5072d57e4b976ae384281f5a6b1e707a15ceb8af152b1
-
SHA512
f82216eb457b98d0f3c74d3385338e48111a8b701d3a8b69507dab09dfe8a4586f7ff0bea3762da9411f8d31c96bee9d4036aabd55a926b24c58f706bac07039
-
SSDEEP
24576:uRmJkcoQricOIQxiZY1iaC1jU5S7Ufq510csTteku0mAgI/o:7JZoQrbTFZY1iaCL7Ufqr01teUmAR/o
-
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, originally written in Visual Basic .NET; it commonly exfiltrates harvested credentials over SMTP, as the extracted configuration above shows.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious access to, or copying of, a web browser's credential store.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
SetThreadContext rewrites the register state of a (typically suspended) thread so that it resumes at attacker-chosen code; this is the hallmark of process hollowing and thread hijacking used to run the unpacked payload inside another process.
-
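The extracted configuration and the "looks up external IP address" behaviour together give a host-level hunting pattern: a process that first talks to a public IP-lookup service and then opens an SMTP submission connection, or that contacts the exfiltration host from the config at all. The following is an added example written for this page, not code from the sandbox or from the malware author. It runs over Sysmon Event ID 3 (network connection) records already parsed into dicts; the records themselves are constructed for illustration, the list of IP-lookup domains and the allowlist of mail clients are assumptions you would tune to your environment, and the only indicator taken from the report is the SMTP host.

```python
"""Hunt for the Agent Tesla exfiltration pattern described on this page:
external-IP lookup followed by SMTP submission from the same process.
Input: Sysmon Event ID 3 records as dicts. All sample data below is CONSTRUCTED."""
from datetime import datetime, timedelta

# Indicator taken from the extracted config in the report above.
EXFIL_HOSTS = {"mail.bonnyriggdentalsurgery.com.au"}

# Assumption: services stealers commonly query to learn the victim's public IP.
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "ipinfo.io", "icanhazip.com"}

SMTP_PORTS = {25, 465, 587}

# Assumption: images for which outbound SMTP is expected in this environment.
MAIL_CLIENT_IMAGES = {"outlook.exe", "thunderbird.exe"}

# An IP lookup this long before the SMTP connection still counts as related.
WINDOW = timedelta(minutes=10)

# Constructed Sysmon-style network connection events (not real telemetry).
SAMPLE_EVENTS = [
    {"UtcTime": "2024-09-17 04:56:10", "ProcessGuid": "{A}",
     "Image": r"C:\Users\user\AppData\Local\Temp\PO4356823.exe",
     "DestinationHostname": "api.ipify.org", "DestinationPort": 80},
    {"UtcTime": "2024-09-17 04:56:12", "ProcessGuid": "{A}",
     "Image": r"C:\Users\user\AppData\Local\Temp\PO4356823.exe",
     "DestinationHostname": "mail.bonnyriggdentalsurgery.com.au", "DestinationPort": 587},
    {"UtcTime": "2024-09-17 04:57:00", "ProcessGuid": "{B}",
     "Image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "DestinationHostname": "smtp.office365.com", "DestinationPort": 587},
    {"UtcTime": "2024-09-17 04:58:00", "ProcessGuid": "{C}",
     "Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "DestinationHostname": "api.ipify.org", "DestinationPort": 443},
    {"UtcTime": "2024-09-17 05:30:00", "ProcessGuid": "{D}",
     "Image": r"C:\Windows\Temp\updater.exe",
     "DestinationHostname": "smtp.gmail.com", "DestinationPort": 587},
]


def _basename(image: str) -> str:
    """Lower-cased file name of a Windows image path."""
    return image.rsplit("\\", 1)[-1].lower()


def _ts(value: str) -> datetime:
    return datetime.strptime(value, "%Y-%m-%d %H:%M:%S")


def find_exfil(events):
    """Return one finding per suspicious SMTP connection, keyed by process.

    A connection is reported when any of these hold:
      known_exfil_host         - destination matches the extracted C2 host
      smtp_from_non_mail_client - SMTP port from an image outside the allowlist
      ip_lookup_then_smtp      - same process queried an IP-lookup service within WINDOW
    """
    by_proc = {}
    for ev in events:
        by_proc.setdefault(ev["ProcessGuid"], []).append(ev)

    findings = []
    for guid, evs in by_proc.items():
        evs.sort(key=lambda e: _ts(e["UtcTime"]))
        lookups = []  # timestamps of IP-lookup connections seen so far
        for ev in evs:
            host = ev["DestinationHostname"].lower()
            when = _ts(ev["UtcTime"])
            if host in IP_LOOKUP_HOSTS:
                lookups.append(when)
                continue
            if ev["DestinationPort"] not in SMTP_PORTS:
                continue
            reasons = []
            if host in EXFIL_HOSTS:
                reasons.append("known_exfil_host")
            if _basename(ev["Image"]) not in MAIL_CLIENT_IMAGES:
                reasons.append("smtp_from_non_mail_client")
            if any(timedelta(0) <= when - seen <= WINDOW for seen in lookups):
                reasons.append("ip_lookup_then_smtp")
            if reasons:
                findings.append({"process_guid": guid, "image": _basename(ev["Image"]),
                                 "host": host, "port": ev["DestinationPort"],
                                 "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in find_exfil(SAMPLE_EVENTS):
        print(f"{f['image']} -> {f['host']}:{f['port']}  {', '.join(f['reasons'])}")
```

Over the constructed events the sample process is reported with all three reasons, the unknown updater.exe is reported only for SMTP from a non-mail client, and Outlook's legitimate submission and Chrome's lone IP lookup produce nothing. The three reasons are deliberately kept separate so that a triage rule can weight the combination (lookup followed by SMTP from an unsigned binary in a temp directory) far above any single signal.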