General
- Target: 5389ab408a7b91bc316f8103bd257931aba620b18653f18db463d03036f75227
- Size: 69KB
- Sample: 240428-bn16ladb5y
- MD5: 4883df856c4e320f313c1adae62456a1
- SHA1: 25279575a130ba795a289ffc29b79fc565c37075
- SHA256: 5389ab408a7b91bc316f8103bd257931aba620b18653f18db463d03036f75227
- SHA512: e0f21764dc6d2019ba0f3da97e33ce4e109b73ec2f1e93316f92e5361718eceb19f1e5bace70697ff63a166d6b72005d576b3c09694d372b64b43f48a41758d4
- SSDEEP: 1536:sLPx4QfQWceatqBb1NTaYIjlQYYmatL6ZDZgya7XoppxsLjf3jK:sLZ4QxTatqBb1NTaYIRjyL6ZVZarqpxJ
Static task
- static1

Behavioral task
- behavioral1
- Sample: 5389ab408a7b91bc316f8103bd257931aba620b18653f18db463d03036f75227.rtf
- Resource: win7-20240220-en

Behavioral task
- behavioral2
- Sample: 5389ab408a7b91bc316f8103bd257931aba620b18653f18db463d03036f75227.rtf
- Resource: win10v2004-20240419-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.controlfire.com.mx
- Port: 587
- Username: apama@controlfire.com.mx
- Password: [;E4nNUMlscW
- Email To: apama_reports@controlfire.com.mx
Targets
- Target: 5389ab408a7b91bc316f8103bd257931aba620b18653f18db463d03036f75227 (hashes and size as listed under General above)
Score: 10/10

Signatures
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Blocklisted process makes network request
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP address.
- Drops file in System32 directory
- Suspicious use of SetThreadContext