General
-
Target
3ff802e875d54b64758cc2e91844a7d1d9c87c348dfc18604db5ee6dd856cca3
-
Size
838KB
-
Sample
221128-g7d33agc9y
-
MD5
644ef0e96bb766efa2a3fe3a7dfb0d5c
-
SHA1
76f4bc8da9ef0130175a93d29ec7f913a904934b
-
SHA256
3ff802e875d54b64758cc2e91844a7d1d9c87c348dfc18604db5ee6dd856cca3
-
SHA512
c75591011ff6542f4ab6018ba58163f4d69ba6bcda6af68bc22c68a87b0f9f08d5d2d19da01d23c53cec30eec702ee3fc90f70e219827011caea5dbbac373af2
-
SSDEEP
12288:gg5VmNVT3J/0UNz5fPC6q1BQh/IObjfF7LLDEXlXY61XIOmM0uY:hLm3jJddnboDObjfxLXMVByx
Static task
static1
Behavioral task
behavioral1
Sample
3ff802e875d54b64758cc2e91844a7d1d9c87c348dfc18604db5ee6dd856cca3.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
[email protected] - Password:
tqzwrcdhriqzrjyb
Targets
-
-
Target
3ff802e875d54b64758cc2e91844a7d1d9c87c348dfc18604db5ee6dd856cca3
-
Size
838KB
-
MD5
644ef0e96bb766efa2a3fe3a7dfb0d5c
-
SHA1
76f4bc8da9ef0130175a93d29ec7f913a904934b
-
SHA256
3ff802e875d54b64758cc2e91844a7d1d9c87c348dfc18604db5ee6dd856cca3
-
SHA512
c75591011ff6542f4ab6018ba58163f4d69ba6bcda6af68bc22c68a87b0f9f08d5d2d19da01d23c53cec30eec702ee3fc90f70e219827011caea5dbbac373af2
-
SSDEEP
12288:gg5VmNVT3J/0UNz5fPC6q1BQh/IObjfF7LLDEXlXY61XIOmM0uY:hLm3jJddnboDObjfxLXMVByx
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-