General
-
Target
Booking-103.rar
-
Size
1.0MB
-
Sample
240923-hqxphsyell
-
MD5
d4227c5e64fe6fdf86d0e61052ac8242
-
SHA1
dfccfbb5680d8c855a54528cec8ee545d9b317d7
-
SHA256
442c980afd52f6d5743d56e9092648169860391e770751eed65a6db619dd2298
-
SHA512
f5bc87a7b68c476ce0f27a2fd1e386a7b533bdb85144c1a97f6bce89dfbaaa444d26f80ddf5ca91b501af89c664632686b318560b7873881e246eeaf1c860349
-
SSDEEP
24576:jD9CGzAuS9OLP/rnHR2CFJmSkLG3EBboJ1XnBRiXi:jDUUAL9wd/xk9bsrr
Static task
static1
Behavioral task
behavioral1
Sample
Booking-103.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
Booking-103.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
162.254.34.31 - Port:
587 - Username:
[email protected] - Password:
ABwuRZS5Mjh5 - Email To:
[email protected]
Targets
-
-
Target
Booking-103.exe
-
Size
1.2MB
-
MD5
719c383a8fada83f805b51239a2aa783
-
SHA1
0893fcf8a3a27f38b416b0c56ac88f96556262f5
-
SHA256
1f2c15231eafbca1fb5a99d5abb83254ac352a60aee2ad1b0c9b5a3ec79c5a39
-
SHA512
90771d390455cfd394ff93bdad99515ac400ef918fcd3215ea19f5d06b79927117d87d34f7845d1f937fd71246441c1b43f4b056131bf13764dfe38479cd6133
-
SSDEEP
24576:VDenzYxgITPxj/Xtk1YGm56Td53/Pdbgn06bbC9:9ezsPj/XomI5vPdbAbm
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-