General
- Target: d7cdcdd118dd53207584a5e0e72e90000e97bd462b74a77c24af5cf0361d6384
- Size: 920KB
- Sample: 240428-bdlyxscg5x
- MD5: 28c3a284905b7996294d725c948962a9
- SHA1: 2429a4f7c95a8ba436348f47813cba0815f8196a
- SHA256: d7cdcdd118dd53207584a5e0e72e90000e97bd462b74a77c24af5cf0361d6384
- SHA512: 3095b54dd0475e2ed2e5c3520fdeb361dd9065f6a8a2324f2cf5d0b5457c3091aed3de6d9ccffd4ecaf64e3277a6221f35325edde8847e417fc3a762389329df
- SSDEEP: 24576:L0Fn3rHlRpp7zBerXIosFN5JlkqHlch2fC3z:slZP0T6FxfqD
Static task: static1
Behavioral task: behavioral1
- Sample: d7cdcdd118dd53207584a5e0e72e90000e97bd462b74a77c24af5cf0361d6384.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: d7cdcdd118dd53207584a5e0e72e90000e97bd462b74a77c24af5cf0361d6384.exe
- Resource: win10v2004-20240426-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.lilydesign.com.tr
- Port: 587
- Username: muhasebe@lilydesign.com.tr
- Password: 0508Lily0508Lily*
- Email To: info.superseal@yandex.com
Targets
- Target: d7cdcdd118dd53207584a5e0e72e90000e97bd462b74a77c24af5cf0361d6384 (920KB; hashes and SSDEEP as listed under General)
Score: 10/10
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext