General
-
Target
DATASHEETPRWPPENGASOL020322-SDVCONTROLVALVE.iso
-
Size
874KB
-
Sample
241129-k2wygaskgj
-
MD5
7bdb8e3638494681dbd6965b4921cbc3
-
SHA1
358c78a3064de4a84970a9feedcf5513d53b5687
-
SHA256
af4553569f10b91a412c5630400d8233caef860375540961f41b62fdd09213c1
-
SHA512
78667d8e779a59210ef14a253bfafe50569cd58ddff4f7a5b1c1c6fa2fca1be2ed88ad623ab4a636efe3a6e9a528fc5e1f555e5eb4dcb37239924ade34462c87
-
SSDEEP
24576:xo1zGdLTJ0B12HCLU+Ntglo/q+az9mTUxj:xems124ulqq+aRn
Static task
static1
Behavioral task
behavioral1
Sample
DATASHEET PR WPPENGASOL 020322-SDV CONTROL VALVE.exe
Resource
win7-20240729-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: marcellinus360
Email To: [email protected]
Targets
-
Target
DATASHEET PR WPPENGASOL 020322-SDV CONTROL VALVE.exe
-
Size
812KB
-
MD5
c083ab67c959bb95ac8b68e3866990eb
-
SHA1
d49d12d76950b53b5db1c83302b13653f4c5ca9b
-
SHA256
0c2b559eb5283a70cd049b9feb500077ed327daeeddce69b9491f92e721cb14e
-
SHA512
6b49ea330badcb67328566ee0f6b5e1d98cf489cba42aadec7be251657f4196b88a1efdd0b6589c09f22731e9d3659f0e1a74081aade31b5366b16a493aa9e6b
-
SSDEEP
24576:Ho1zGdLTJ0B12HCLU+Ntglo/q+az9mTUxj:Hems124ulqq+aRn
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Agenttesla family
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-