General
Target: 4e0875dcb56916ec69a4848f69b131ee48537a4f53f48b15471b5dbaf154514a
Size: 385KB
Sample: 240429-blvk2adh32
MD5: 785ac2c900bebf7bad65ba048a603ee6
SHA1: 7e3d6ebbed408b9bbf6ce6bd40968ce71a38f9a2
SHA256: 4e0875dcb56916ec69a4848f69b131ee48537a4f53f48b15471b5dbaf154514a
SHA512: e95900f2701d94c4ffad18b622ae89dd7204c778dbf1acb6e622181621474efd31c5872c231b37035c848d438c78b735aeb6263036fc558076830bc9e63914be
SSDEEP: 6144:o1lClnHHwTrSYqMZOyQcRnJh9Q7vEqX3AVbAdbILQRppm+u8Uf0IdSgQmqX5I/0n:ocHu1IyQuba7pXwyxIYLmppf0tx
Static task: static1
Behavioral task: behavioral1
Sample: 4e0875dcb56916ec69a4848f69b131ee48537a4f53f48b15471b5dbaf154514a.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: 4e0875dcb56916ec69a4848f69b131ee48537a4f53f48b15471b5dbaf154514a.exe
Resource: win10v2004-20240419-en
Malware Config
Extracted
Family: agenttesla
Protocol: smtp
Host: premium162.web-hosting.com
Port: 587
Username: sales2@kimiagroups.pw
Password: Look@oursuccess247
Email To: info2@kimiagroups.pw
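The extracted config above is the sample's SMTP exfiltration channel: the malware authenticates to the listed host on port 587 with the listed credentials and mails the stolen data to the "Email To" address. On the wire that is an ordinary authenticated SMTP submission, so the indicators can be matched against captured SMTP sessions. The script below is an added example, not code from the sandbox or from the malware: it parses the client side of an SMTP session (assuming the SASL LOGIN mechanism, where username and password travel as separate base64 lines after AUTH LOGIN) and reports which of the page's indicators matched. The transcript it runs on is constructed for the example; the hostname DESKTOP-ABC123, the subject line and the body text are invented and not taken from the sample.

```python
"""Match the AgentTesla SMTP exfiltration indicators from a sandbox config
against the client side of a captured SMTP session."""
import base64
import re
from typing import Optional

# Indicators copied from the extracted config on this page.
AGENTTESLA_SMTP_IOC = {
    "host": "premium162.web-hosting.com",
    "port": 587,
    "username": "sales2@kimiagroups.pw",
    "email_to": "info2@kimiagroups.pw",
}


def _b64_ascii(token: str) -> Optional[str]:
    """Decode one base64 token as ASCII; None if it is not valid base64/ASCII."""
    try:
        return base64.b64decode(token, validate=True).decode("ascii")
    except (ValueError, UnicodeDecodeError):
        return None


def _angle_addr(line: str) -> str:
    """Extract the address from a 'MAIL FROM:<a@b>' or 'RCPT TO:<a@b>' line."""
    m = re.search(r"<([^>]*)>", line)
    return m.group(1) if m else line.split(":", 1)[1].strip()


def parse_smtp_client_stream(stream: str) -> dict:
    """Pull auth, envelope and subject out of the client side of an SMTP session.

    Assumes the SASL LOGIN exchange: the client sends 'AUTH LOGIN' (optionally
    with the base64 username inline), then the base64 username and the base64
    password on separate lines, each answered by a 334 from the server.
    """
    out = {"ehlo": None, "username": None, "password": None,
           "mail_from": None, "rcpt_to": [], "subject": None}
    lines = [ln.rstrip("\r") for ln in stream.split("\n")]
    i = 0
    while i < len(lines):
        line = lines[i]
        upper = line.upper()
        if upper.startswith(("EHLO ", "HELO ")):
            out["ehlo"] = line.split(None, 1)[1]
        elif upper.startswith("AUTH LOGIN"):
            pending = line.split()[2:3]          # inline username form, if used
            while len(pending) < 2 and i + 1 < len(lines):
                i += 1                           # consume username, then password
                pending.append(lines[i].strip())
            if pending:
                out["username"] = _b64_ascii(pending[0])
            if len(pending) > 1:
                out["password"] = _b64_ascii(pending[1])
        elif upper.startswith("MAIL FROM:"):
            out["mail_from"] = _angle_addr(line)
        elif upper.startswith("RCPT TO:"):
            out["rcpt_to"].append(_angle_addr(line))
        elif upper.startswith("SUBJECT:") and out["subject"] is None:
            out["subject"] = line.split(":", 1)[1].strip()
        i += 1
    return out


def match_agenttesla_smtp(session: dict, dst_host: str, dst_port: int,
                          ioc: dict = AGENTTESLA_SMTP_IOC) -> list:
    """Return the indicator names that matched (empty list means no hit).

    The mail host may serve many legitimate accounts, so treat a 'c2_mailhost'
    hit on its own as weak evidence; the account and recipient are the strong ones.
    """
    hits = []
    if dst_host.lower() == ioc["host"] and dst_port == ioc["port"]:
        hits.append("c2_mailhost")
    if (session.get("username") or "").lower() == ioc["username"]:
        hits.append("auth_username")
    if (session.get("mail_from") or "").lower() == ioc["username"]:
        hits.append("mail_from")
    if any(r.lower() == ioc["email_to"] for r in session.get("rcpt_to", [])):
        hits.append("rcpt_to")
    return hits


# Constructed client-side transcript (not a real capture). The two lines after
# AUTH LOGIN are the base64 of the username and password from the config above.
SAMPLE_CLIENT_STREAM = "\r\n".join([
    "EHLO DESKTOP-ABC123",
    "AUTH LOGIN",
    base64.b64encode(b"sales2@kimiagroups.pw").decode(),
    base64.b64encode(b"Look@oursuccess247").decode(),
    "MAIL FROM:<sales2@kimiagroups.pw>",
    "RCPT TO:<info2@kimiagroups.pw>",
    "DATA",
    "From: sales2@kimiagroups.pw",
    "To: info2@kimiagroups.pw",
    "Subject: Report from DESKTOP-ABC123",
    "",
    "(stolen credentials would follow here)",
    ".",
    "QUIT",
]) + "\r\n"

if __name__ == "__main__":
    session = parse_smtp_client_stream(SAMPLE_CLIENT_STREAM)
    print(session)
    print(match_agenttesla_smtp(session, "premium162.web-hosting.com", 587))
```

Feed it the client half of a reassembled TCP stream (for example from a packet capture) together with the destination host and port of that connection. Because the credentials travel as plain base64, the same parser also shows why these extracted configs are treated as sensitive: anyone with the capture can recover the account, which is the reason the username and recipient, not the password, are the indicators worth deploying.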
Targets
Target: 4e0875dcb56916ec69a4848f69b131ee48537a4f53f48b15471b5dbaf154514a
Score: 10/10

AgentTesla
Agent Tesla is a .NET (Visual Basic .NET) remote access trojan and information stealer; it exfiltrates stolen credentials and keystrokes, in this sample over the SMTP channel in the extracted config.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext
Rewriting a suspended thread's context is the usual way code injected into another process (or a hollowed process) is started, so this signature commonly indicates process injection.