General
- Target: 2749740f79f214e244b066f44d3de2d2a55d75f1cf3c90a94b939f5426794a8a
- Size: 772KB
- Sample: 221205-aq8g1saa39
- MD5: 3f27b6cced618d03ecea3a1d19a0ac26
- SHA1: 24e6236f5778b2ae9e91c733d505de344de8e290
- SHA256: 2749740f79f214e244b066f44d3de2d2a55d75f1cf3c90a94b939f5426794a8a
- SHA512: 96c3ec698e275a867392c7d5f2bb9ab9b935e91a45c1258e074525e9f1b58112e4fcccd6e26bc19821d194b2ba1c63f58e3909ff22a1de5eeeca689e30459f87
- SSDEEP: 24576:77s71zLzs1Zw3n6uABlrkh6/n1dB5O8f:77EHo12nKpkOLjO8f
Static task: static1
Behavioral task: behavioral1
Sample: 2749740f79f214e244b066f44d3de2d2a55d75f1cf3c90a94b939f5426794a8a.exe
Resource: win10-20220812-en
Malware Config
Extracted
agenttesla
- Protocol: smtp
- Host: mail.eslinaasansor.com.tr
- Port: 587
- Username: [email protected]
- Password: eslina2020info
- Email To: [email protected]
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext