General
Target: 9c7e5add4dc35eca2c34ac4f1a15190015ca369a9189f3f5c8beeab29ad915de
Size: 24KB
Sample: 250704-tw3nhabn8t
MD5: e107fdb39c79ff9396a3deabbc845416
SHA1: 1978776feeb5f09110e2985f9b245b6c7f3ddd56
SHA256: 9c7e5add4dc35eca2c34ac4f1a15190015ca369a9189f3f5c8beeab29ad915de
SHA512: 510243455e3246b4b3239f99d589f0213fa38d565541f26c8c8cbd49e47ff45f22c30cd8e854f19fe25df93219bcb5da0b6ffeb2b7b578203a7553e64ba913b1
SSDEEP: 384:7s84/SuxtxCH9UupuxfyU/51QoqRMylcwlbBrdDJSFAarC34MVt6O3AM+F/SiZbr:f49bxCHquef7pWBdDJcrCICt/vq9bWpo
Static task: static1
Malware Config
Extracted
Protocol: smtp
Host: mail.j-fores.com
Port: 587
Username: [email protected]
Password: qx2O4n8r@GY0Y;
Extracted (agenttesla)
Protocol: smtp
Host: mail.j-fores.com
Port: 587
Username: [email protected]
Password: qx2O4n8r@GY0Y;
Email To: [email protected]
Targets
Target: RFQ JI-TECH_Materials&Specification-DB700-BOQ.exe
Size: 41KB
MD5: 5b5d4fd115e415a23937df5ba616de7b
SHA1: 3eb1e85e9da84dd6a4b8e15944dfe9f98e7c2bdc
SHA256: 418b9ebf4590316ece7fdbe635e7d20d938bca664e973bd11d8974d40bc20183
SHA512: fc075f4c0839bad3fa1d7d013c8382548f0710cc103a16f4b8decbe3ab7ce8bc2b4557460755dc8b4504c9543706276da548792ef97afdfea5abaf32859e12ff
SSDEEP: 768:1kjb27fXZOQrjom/aUwmDIDPky7o6qcr+6aJ9eZ6C:K/2jZOSoajwmkz17o6qcfs9K
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Agenttesla family
- Drops startup file
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext