General
-
Target
9b6dc9a0168aa5b6672b6e33a93143c6ef56751710b7786a6839c09860bd2381
-
Size
611KB
-
Sample
240429-bke4ysdg63
-
MD5
9f9649b0714277976f0822ae1be59945
-
SHA1
2a29167fd80d8d0f767921f1b6d33c2e05fb0416
-
SHA256
9b6dc9a0168aa5b6672b6e33a93143c6ef56751710b7786a6839c09860bd2381
-
SHA512
0c1030926a2cbda68e44a2a664ed9ba145f0e4368fbb029011724d1b8c9a07d7aab65c940363a836784675602446b87d83e40483f8fc08b841be0b305b7e3bf3
-
SSDEEP
12288:8DuCvpgyBs4BibBAjAkgHmMCwMqSbvXWtWJVaN8BcPr2e1aXzsnt:8DuCvpls4g/kgPqTbvXWguNGir2e1AWt
Static task
static1
Behavioral task
behavioral1
Sample
9b6dc9a0168aa5b6672b6e33a93143c6ef56751710b7786a6839c09860bd2381.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
9b6dc9a0168aa5b6672b6e33a93143c6ef56751710b7786a6839c09860bd2381.exe
Resource
win10v2004-20240419-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
terminal4.veeblehosting.com - Port:
587 - Username:
appo@kailmaticarbon.com - Password:
Ifeanyi1987@ - Email To:
deepocket@eleven-end-sun.com
Targets
-
-
Target
9b6dc9a0168aa5b6672b6e33a93143c6ef56751710b7786a6839c09860bd2381
-
Size
611KB
-
MD5
9f9649b0714277976f0822ae1be59945
-
SHA1
2a29167fd80d8d0f767921f1b6d33c2e05fb0416
-
SHA256
9b6dc9a0168aa5b6672b6e33a93143c6ef56751710b7786a6839c09860bd2381
-
SHA512
0c1030926a2cbda68e44a2a664ed9ba145f0e4368fbb029011724d1b8c9a07d7aab65c940363a836784675602446b87d83e40483f8fc08b841be0b305b7e3bf3
-
SSDEEP
12288:8DuCvpgyBs4BibBAjAkgHmMCwMqSbvXWtWJVaN8BcPr2e1aXzsnt:8DuCvpls4g/kgPqTbvXWguNGir2e1AWt
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-