General
Target: tmp
Size: 576KB
Sample: 221128-kyvagaff6y
MD5: 0f389649ea654d411781591b7b3e06c9
SHA1: 9fc4cea3aaeecfbc586810b973c70d70e0af55fc
SHA256: c6665f0969a017147029e0d1a20d3a2fe5e94a95c5dd1db65cbabb7bcaa27255
SHA512: 1784007fff97e00fe55db00d3e097ef0c7085c46c3df6b94d9f46aa7b84fab95edb52ed09776449253af00e9cca2408558ea807e02f770ebcf9bb2594da526d1
SSDEEP: 12288:3EkzrbETClt+4rjwPwcsQLURrTeUDcNciD+HskFgFwIyXCD3:v76Cb+4rEYcs5rK/NcXskFgqIyXw
Static task: static1
Behavioral task: behavioral1
  Sample: tmp.exe
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: tmp.exe
  Resource: win10v2004-20221111-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: host39.registrar-servers.com
  Port: 587
  Username: [email protected]
  Password: payment12345
Targets
Target: tmp
Size: 576KB
MD5: 0f389649ea654d411781591b7b3e06c9
SHA1: 9fc4cea3aaeecfbc586810b973c70d70e0af55fc
SHA256: c6665f0969a017147029e0d1a20d3a2fe5e94a95c5dd1db65cbabb7bcaa27255
SHA512: 1784007fff97e00fe55db00d3e097ef0c7085c46c3df6b94d9f46aa7b84fab95edb52ed09776449253af00e9cca2408558ea807e02f770ebcf9bb2594da526d1
SSDEEP: 12288:3EkzrbETClt+4rjwPwcsQLURrTeUDcNciD+HskFgFwIyXCD3:v76Cb+4rEYcs5rK/NcXskFgqIyXw
AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext