General
Target: Shipping Details_PDF.hta
Size: 1.6MB
Sample: 240701-lcp93atcqh
MD5: 72707f07599a75caf0bc676bde19eeb3
SHA1: 11a0c4170c8a19ce90a5afdbb19704a5c3327c30
SHA256: 951e954efd63eed8d449ba0cfa84dc8ac70408f40fc3133189302b51d381c4a9
SHA512: 0d059b00c6f9387790f90583ede9faa367c6dcf191c198e0acd1fa30f5a164f709971b33ee72af233d46c22a1a7a5b778dd6d047a190f02b8c55ec92c4e80193
SSDEEP: 24576:X9Unj8RztOCn/FpVtv31hQyiEqx4k9PG5jLfXq1qFLUxRfVBzBtXUmYRoHMBv:NBRztOCn/NV3vKqLfkq62Bv
Static task: static1
Behavioral task: behavioral1
  Sample: Shipping Details_PDF.hta
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: Shipping Details_PDF.hta
  Resource: win10v2004-20240226-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.redsea.so
Port: 587
Username: [email protected]
Password: safiya@123
Email To: [email protected]
Targets
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext