General
-
Target
bed7309ed7007b0aa5f455f58da65c176438894250030633ff2882152c1b5693.exe
-
Size
218KB
-
Sample
221129-rlht8saf9x
-
MD5
1a20c4f9abb6dfe720fba9cbb5e1a89a
-
SHA1
a975e1cbb8496d66722685412591e87408881dd0
-
SHA256
bed7309ed7007b0aa5f455f58da65c176438894250030633ff2882152c1b5693
-
SHA512
7817c104868690896aea954aefc046ed8a74a1f8d23624338e062498a2c1b9eaaedab5aec6e5ab24ad58946b4e1ab739b79f9bf65662e8441d703fe341023c78
-
SSDEEP
3072:kaDyAXTqppeFX4oQdJLrEPIK3RvUsbYadix9i9M5k9wwjiXTht3iK767d/vGD:dRseylrJ4UwYaUOMeXiXTLiKe7lvG
Behavioral task
behavioral1
Sample
bed7309ed7007b0aa5f455f58da65c176438894250030633ff2882152c1b5693.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
bed7309ed7007b0aa5f455f58da65c176438894250030633ff2882152c1b5693.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.woxi.cz - Port:
587 - Username:
poklopservis@woxi.cz - Password:
88RkoRO35 - Email To:
newjoyhappy1111@engineer.com
Targets
-
-
Target
bed7309ed7007b0aa5f455f58da65c176438894250030633ff2882152c1b5693.exe
-
Size
218KB
-
MD5
1a20c4f9abb6dfe720fba9cbb5e1a89a
-
SHA1
a975e1cbb8496d66722685412591e87408881dd0
-
SHA256
bed7309ed7007b0aa5f455f58da65c176438894250030633ff2882152c1b5693
-
SHA512
7817c104868690896aea954aefc046ed8a74a1f8d23624338e062498a2c1b9eaaedab5aec6e5ab24ad58946b4e1ab739b79f9bf65662e8441d703fe341023c78
-
SSDEEP
3072:kaDyAXTqppeFX4oQdJLrEPIK3RvUsbYadix9i9M5k9wwjiXTht3iK767d/vGD:dRseylrJ4UwYaUOMeXiXTLiKe7lvG
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-