General
- Target: c63fe37f6fe23890caba830f78323552697ddffd5cd186bfc7ed4cffd78e9949
- Size: 825KB
- Sample: 240427-ca9q9agf75
- MD5: 33c0285bfc8c159a86e5454120869ff1
- SHA1: 16c4877c922ef67eccf3b83133ffb70d13d9f16d
- SHA256: c63fe37f6fe23890caba830f78323552697ddffd5cd186bfc7ed4cffd78e9949
- SHA512: 56a39a40eb90054606fd106a7bd4e438481048784e8740919990ebd08ca590e7b64c4fdc38e83ce391a4bc67906f645aaff6249f4945c8f97d38ab99bf089ad0
- SSDEEP: 24576:G3PjKr5BNDeU0bFk8rjpM6LfsYS61v0cKyKfU:4k5BN2cXy+1yx
Static task: static1

Behavioral task: behavioral1
- Sample: c63fe37f6fe23890caba830f78323552697ddffd5cd186bfc7ed4cffd78e9949.exe
- Resource: win7-20240215-en

Behavioral task: behavioral2
- Sample: c63fe37f6fe23890caba830f78323552697ddffd5cd186bfc7ed4cffd78e9949.exe
- Resource: win10v2004-20240226-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.nationalkham.com
- Port: 587
- Username: sales@nationalkham.com
- Password: kham1234
- Email To: newmankint@yandex.com
Targets
- Target: c63fe37f6fe23890caba830f78323552697ddffd5cd186bfc7ed4cffd78e9949
- Score: 10/10
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext