General
Target: 06e669477f0387cf853ce4dea4cbac2f.exe
Size: 858KB
Sample: 221128-jgd2gsfd38
MD5: 06e669477f0387cf853ce4dea4cbac2f
SHA1: 675044d859142c8d1f2218bbda9869d9450285ab
SHA256: 1015fb1f960c808990e8911a5a4de7ac50d31812a71dc298f357dc668a5b794b
SHA512: b79833f3174ea12124fe2136703951c5745491aa7f4f8151f13cdc634a23f9bc2aa637facdcc9ffa8aef94a0acb7572efd7b284c803ade77098fce440c2d858d
SSDEEP: 12288:sB7c+SAxvHZFSOJ4gmMTifiTj0aeAWZPrIffxqLgxRWldyIg95lvTHRyoY6:smSEMTiVAWZPrIf/xR0yIgvpjRpY6
Static task: static1

Behavioral task: behavioral1
Sample: 06e669477f0387cf853ce4dea4cbac2f.exe
Resource: win7-20220901-en

Behavioral task: behavioral2
Sample: 06e669477f0387cf853ce4dea4cbac2f.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.ru
Port: 587
Username: [email protected]
Password: KKK123456@@
Targets
Target: 06e669477f0387cf853ce4dea4cbac2f.exe
Size: 858KB
MD5: 06e669477f0387cf853ce4dea4cbac2f
SHA1: 675044d859142c8d1f2218bbda9869d9450285ab
SHA256: 1015fb1f960c808990e8911a5a4de7ac50d31812a71dc298f357dc668a5b794b
SHA512: b79833f3174ea12124fe2136703951c5745491aa7f4f8151f13cdc634a23f9bc2aa637facdcc9ffa8aef94a0acb7572efd7b284c803ade77098fce440c2d858d
SSDEEP: 12288:sB7c+SAxvHZFSOJ4gmMTifiTj0aeAWZPrIffxqLgxRWldyIg95lvTHRyoY6:smSEMTiVAWZPrIf/xR0yIgvpjRpY6

- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext