General
Target: 24b025d4d84091334243f7b250e5976014afb977e48686ce61594d2695091f11
Size: 814KB
Sample: 240928-q4ckhayemr
MD5: 7b41f4c7d2134f3ee2a43e1a05bc70d4
SHA1: 67ed084615b1c59b831cd5435b56bfef7f4b2b9d
SHA256: 24b025d4d84091334243f7b250e5976014afb977e48686ce61594d2695091f11
SHA512: e1956b219bee2a2c84f05e2df47234709b94e49674465ab50c0005559cd1da67303a492e3f4ac45826297d6bd5a896198b08719439df535eb45d3fe830610427
SSDEEP: 24576:dKWSrt7MzZa3ZUuXyIjF6adXJJ9a3RgmEBSQ:dKzrtxZUKJ6a/rauLSQ
Static task: static1
Behavioral task: behavioral1
Sample: Roundcube account_New_activities_June_06_24___eml.exe
Resource: win7-20240903-en
Malware Config
Extracted
Protocol: smtp
Host: mail.ppg-pa.com
Port: 587
Username: [email protected]
Password: DKKfy2001$
Targets
Target: Roundcube account_New_activities_June_06_24___eml.exe
Size: 1.3MB
MD5: 44458945e94a220f25a7c9be7a00431e
SHA1: c8bf329b998fccc2af3c7c1abb7226d666ce2401
SHA256: 5f3b37688eecd92c1ef6fee755f65bc758972a260e74986407e7e7c51dcb5276
SHA512: ff729f50f129d013f8eb4fcddafc3d7eae23c879a8d828420e98fa1daa81ef2d9b82e7ace3f065d230d7b22e6a8d3199da6c716af58166e4f8e805f332bf3242
SSDEEP: 24576:RAHnh+eWsN3skA4RV1Hom2KXMmHaIGQq3t9JT90/jgmsBsrYm5:oh+ZkldoPK8Yaoq3dB0MlsrZ
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext