General
- Target: fedb69ac4f3f56c14e19c6fe126a1f036e52d8d836a06646302ac7b860dc2549
- Size: 1.2MB
- Sample: 240429-bdql4sdh7t
- MD5: 2095629181c0449a06ad34e3eb18bde8
- SHA1: 103fa6e05907083842b61de1b22f537a3ad7c037
- SHA256: fedb69ac4f3f56c14e19c6fe126a1f036e52d8d836a06646302ac7b860dc2549
- SHA512: e63cbb99137445fe8e406c0832e62cb7bcffe9ba668cb58884c908c886b7175556f8799674db01431132d77f86cda464e9f735d2eb1d05d15c5abf9e9df733a1
- SSDEEP: 24576:MqDEvCTbMWu7rQYlBQcBiT6rprG8aw1Q/lcaUPO7QRG1uNFf3l:MTvC/MTQYxsWR7aZpoO7QY1uNFP
Static task: static1
Behavioral task: behavioral1
- Sample: fedb69ac4f3f56c14e19c6fe126a1f036e52d8d836a06646302ac7b860dc2549.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: fedb69ac4f3f56c14e19c6fe126a1f036e52d8d836a06646302ac7b860dc2549.exe
- Resource: win10v2004-20240419-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.jmfresh.sg
- Port: 587
- Username: sales@jmfresh.sg
- Password: sales@jmfresh.sg
- Email To: rolandvirus66@gmail.com
Targets
- Target: fedb69ac4f3f56c14e19c6fe126a1f036e52d8d836a06646302ac7b860dc2549 (size and hashes as listed under General)
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext