General
- Target: tmp
- Size: 916KB
- Sample: 221129-mvjqnsbf69
- MD5: 1bd958b3b93b00e76a0ce4b58fadc176
- SHA1: bbe867410bfb25d107275c523a3b369d5ed2dc70
- SHA256: 9ebd85e5e74afcfe982352658f088e64ab9b400c5c66ec02d7cb28d2c06e4217
- SHA512: e4a00b80acb0cb5eaf818bdfca0bfbb380883c310e6dc44e28daebc692673db2e0bfd7e094207479ec472702713ff6db1658822da815f9229cf6cff8a235b19a
- SSDEEP: 12288:ObYqU+Eom36sITWpF9UiCF3EVy0vLJbevEC6Oy6GKVbtQC6JMUGoDdzoa1cfN:kMomyoUv30jJbevEC6QGvlWUGoDdEPf
Static task: static1
Behavioral task: behavioral1
- Sample: tmp.exe
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: tmp.exe
- Resource: win10v2004-20221111-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.networkteam.com
- Port: 587
- Username: r.knickrehm@pmkuntz.de
- Password: apb9Q9aRbXBy
- Email To: directorprocurement3@gmail.com
Targets
- Target: tmp
- Size: 916KB
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext