General
Target: Potwierdzenie zamówienia.doc.exe
Size: 768KB
Sample: 240701-l2s29aycnq
MD5: 0b2cc11236f4f6cd2ead26a1d02c7a60
SHA1: 1a9f29f7478792d01bc11bc2cb7c1c9aa2dc4576
SHA256: be68709a0e66e6137a003d1dd97dae958cf10ab2cff49d66b8aabcf4b618b9b5
SHA512: 52ea86584a1817c1a435358a8b3f55e0987dbe7bf43cd8bbf1afcd1a59dc4d42340cfebd71d1510d1f4535065acf123e8a06d4063aa2eda2be6ae5991782ea02
SSDEEP: 12288:RKcuUYs8wcu0MyQYtM1l6ogb7jahORQUiLcXW3XJ64DGzZBueipqDKM1o33:QcdYsdcX3QwSlsbahCEcXWZ64mZBWM1+
Static task: static1
Behavioral task: behavioral1
  Sample: Potwierdzenie zamówienia.doc.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: Potwierdzenie zamówienia.doc.exe
  Resource: win10v2004-20240508-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.caldas-cca.com
Port: 587
Username: [email protected]
Password: M34gN34sZS0Az
Email To: [email protected]
Targets
Target: Potwierdzenie zamówienia.doc.exe
Size: 768KB
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext