General
-
Target
INDIA - VSL PARTICULARS.pdf.exe
-
Size
1.2MB
-
Sample
240926-d37b9svfrk
-
MD5
6f780b2d3c14a3c9bb7c99c818421ea1
-
SHA1
a125c2a8cd2f4d4fbda4429bdae54e85eec396a2
-
SHA256
c7183b75ac8f638031abbb6bb3edd5223c626483d5cc82e6b30ae049de038a00
-
SHA512
73ae354dd618b311a413f23f759b6b56c1f256e631b998bcad01e2c48621e50fb9900e3f9848d4351f77995b95b1a5a6b686741baea844d083c051082460a5a8
-
SSDEEP
24576:uRmJkcoQricOIQxiZY1iaCVDIxOgo/lTHZQbJ0:7JZoQrbTFZY1iaCVq2Ce
Static task
static1
Behavioral task
behavioral1
Sample
INDIA - VSL PARTICULARS.pdf.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
INDIA - VSL PARTICULARS.pdf.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
INDIA - VSL PARTICULARS.pdf.exe
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-