General
Target: Payslip_October_2024_pdf.exe (an executable named to pass as a PDF payslip; the "_pdf" in the name is part of the lure, not a file extension)
Size: 1.3MB
Sample: 241104-cqqcjsznay
MD5: 00d35f16da780121846ac5345e6fddd5
SHA1: dc1610ef8a4f55cccf4ebabd3517b9b5706ff262
SHA256: 30f53c188f4ca288bab139778eb5426ee3db92ddc779c8df149b501334dd8dbb
SHA512: 87c4f25ac6c9db33b933d3873fba2212751707da4f31b20cfaa67e6bd5b6fb8d3a3a938deed44e5bfed7219070a1f09d7fc24cd1ed63c41302ed90a49e7d9aac
SSDEEP: 24576:pAHnh+eWsN3skA4RV1Hom2KXFmIa89tlB5Rg0V7kZ5:wh+ZkldoPK1Xa8/j5RgyG
Static task: static1
Behavioral task: behavioral1
  Sample: Payslip_October_2024_pdf.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: Payslip_October_2024_pdf.exe
  Resource: win10v2004-20241007-en
Malware Config
Extracted
Protocol: ftp
Host: ftp.haliza.com.my
Port: 21
Username: [email protected]
Password: JesusChrist007$
Extracted
Family: agenttesla
Protocol: ftp
Host: ftp://ftp.haliza.com.my
Port: 21
Username: [email protected]
Password: JesusChrist007$
Both extractions describe the same FTP account (the second simply emits the host with an ftp:// scheme). Plain FTP sends USER and PASS in cleartext on port 21, so these values can be matched directly on the control channel, and the hostname is a usable DNS indicator on its own.
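The following script is an added example for this page, not code from tria.ge or from the Agent Tesla sample. It parses the extracted config as rendered above, normalises the host so both Extracted blocks yield the same indicator, turns the cleartext FTP login into a Suricata rule, and checks the login and upload steps against a constructed FTP control-channel transcript. The server banner, the uploaded file name and the sid value are assumptions; the username is taken in the redacted form shown on the page, so substitute the real value from your own extraction before deploying the rule.

```python
"""Convert the FTP exfiltration config extracted from this sample into
detection content and exercise it against a constructed FTP transcript.
Added example for this report page, not tria.ge or Agent Tesla code."""
from urllib.parse import urlparse

# The config block as rendered on the report page (constructed copy; the
# username is in the page's redacted form, so substitute the real value from
# your own extraction before deploying a rule).
EXTRACTED_CONFIG = """\
Protocol: ftp
Host: ftp://ftp.haliza.com.my
Port: 21
Username: [email protected]
Password: JesusChrist007$
"""

# Constructed client<->server control-channel transcript in the shape of a
# "Follow TCP stream" export; the banner and the file name are invented.
FTP_TRANSCRIPT = """\
220 FTP server ready
USER [email protected]
331 Password required
PASS JesusChrist007$
230 Login successful
TYPE I
200 Type set to I
PASV
227 Entering Passive Mode (203,0,113,10,195,80)
STOR report.html
226 Transfer complete
QUIT
221 Goodbye
"""


def parse_extracted_config(text):
    """Parse the 'Key: value' lines into a dict.

    The host is normalised to a bare hostname even when the extractor emitted
    it with an ftp:// scheme, so both Extracted blocks on the page give the
    same indicator.
    """
    cfg = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            cfg[key.strip().lower()] = value.strip()
    host = cfg.get("host", "")
    if "://" in host:
        host = urlparse(host).hostname or host
    cfg["host"] = host
    cfg["port"] = int(cfg.get("port", "21"))
    return cfg


def suricata_escape(value):
    """Escape the characters Suricata treats specially inside content:""."""
    return (value.replace("\\", "\\\\").replace('"', '\\"')
                 .replace(";", "\\;").replace("|", "\\|"))


def suricata_rule(cfg, sid=1000001):
    """Build a rule for the cleartext USER command carrying the exfil account.

    The sid is an assumption (local rule range); allocate your own.
    """
    return (
        f'alert ftp $HOME_NET any -> any {cfg["port"]} '
        f'(msg:"AgentTesla FTP exfil login to {cfg["host"]}"; '
        'flow:to_server,established; content:"USER "; startswith; '
        f'content:"{suricata_escape(cfg["username"])}"; '
        f'classtype:trojan-activity; sid:{sid}; rev:1;)'
    )


def scan_ftp_transcript(text, cfg):
    """Flag the login and upload steps of an exfil session.

    Returns (line number, description) tuples for USER/PASS values matching
    the extracted config and for every STOR, since the upload is the actual
    data loss whatever credential is in use.
    """
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        cmd, _, arg = line.strip().partition(" ")
        cmd = cmd.upper()
        if cmd == "USER" and arg == cfg["username"]:
            findings.append((n, "login with the extracted exfil username"))
        elif cmd == "PASS" and arg == cfg["password"]:
            findings.append((n, "extracted exfil password sent in cleartext"))
        elif cmd == "STOR":
            findings.append((n, f"upload of {arg} to the exfil server"))
    return findings


if __name__ == "__main__":
    cfg = parse_extracted_config(EXTRACTED_CONFIG)
    print(suricata_rule(cfg))
    for n, what in scan_ftp_transcript(FTP_TRANSCRIPT, cfg):
        print(f"line {n}: {what}")
```

The rule only fires on a plain-FTP control channel; if the operator rotates the account or moves exfiltration to FTPS, SMTP or HTTP (all of which Agent Tesla supports), the credential match is blind, so pair it with DNS and proxy monitoring for the hostname and with the host-side indicators listed under the behavioural signatures.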
Targets
Target: Payslip_October_2024_pdf.exe
Size: 1.3MB
MD5: 00d35f16da780121846ac5345e6fddd5
SHA1: dc1610ef8a4f55cccf4ebabd3517b9b5706ff262
SHA256: 30f53c188f4ca288bab139778eb5426ee3db92ddc779c8df149b501334dd8dbb
SHA512: 87c4f25ac6c9db33b933d3873fba2212751707da4f31b20cfaa67e6bd5b6fb8d3a3a938deed44e5bfed7219070a1f09d7fc24cd1ed63c41302ed90a49e7d9aac
SSDEEP: 24576:pAHnh+eWsN3skA4RV1Hom2KXFmIa89tlB5Rg0V7kZ5:wh+ZkldoPK1Xa8/j5RgyG
AgentTesla
Agent Tesla is a .NET-based information stealer and remote access tool (RAT), written in Visual Basic .NET. It harvests saved credentials, keystrokes and screenshots and exfiltrates them over SMTP, FTP, HTTP or Telegram; the FTP account in the extracted config above is this sample's exfiltration channel.
Agenttesla family
Adds Run key to start application
Registry Run-key persistence: the sample is relaunched at every logon without needing a service or scheduled task. The key value written during detonation is the host-side indicator to collect.
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP. The request to that service is a common pre-exfiltration step for this family and is itself a usable network indicator, though the service is benign and should not be blocked outright.
Suspicious use of SetThreadContext
Calling SetThreadContext on another process's thread is the RunPE/process-hollowing pattern: a process is created suspended, its image is replaced in memory, and the thread context is rewritten to point at the injected code before it is resumed.