General
Target: 57bdaf6ec2126f43b1ab5e57fd8456f328f502e3f8deca3c41ebfb8f2e7c3348
Size: 667KB
Sample: 221128-h4654sed92
MD5: 6c121aa807c7ffbc6259f7ac0dc83255
SHA1: f1cdbe4a3c1852feddf5f5ff1ff3d4498161760b
SHA256: 57bdaf6ec2126f43b1ab5e57fd8456f328f502e3f8deca3c41ebfb8f2e7c3348
SHA512: d07a82656b997515a4fe0899c2612e6feeb40c3786138eb1a990b11a85e0cfbd89ae4357d89a05baf64d5e897ce9dce69c457b4c6b1c6a2365e19a66e9802652
SSDEEP: 12288:Xwc+pbKbfxpe/IbHn0svbXPEy6ggpdUx1ZRy8p7FJqfh4qw+:XjsbKje/I7dvbXP/6ggEfy8p7FJqJ4
Static task: static1
Behavioral task: behavioral1
Sample: 57bdaf6ec2126f43b1ab5e57fd8456f328f502e3f8deca3c41ebfb8f2e7c3348.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.ru
Port: 587
Username: [email protected]
Password: KKK123456@@
Targets
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service (uses a legitimate IP lookup service to find the infected system's external IP)
- Suspicious use of SetThreadContext