General
- Target: a76b7df57b1b16e4bac4e1e19e88b1a03c0b31aec4441046be5cbe7ce68cd58c
- Size: 670KB
- Sample: 221205-q8y93aaf51
- MD5: cf79503bf57553739c5fb81699b3aa38
- SHA1: b90fb7c842aa220339ae4d72569410cb8a9ed1b6
- SHA256: a76b7df57b1b16e4bac4e1e19e88b1a03c0b31aec4441046be5cbe7ce68cd58c
- SHA512: 2f32187f9f2edb940ce3389b78f63c8429cab7252d20c3bd8acfdbaaf090b38c12b7524687aa3764ac4e08fba3d1dac051e4d419e18fdd1d584d4f39d5274ed8
- SSDEEP: 12288:WPuYd+V6b1momPZefMXrX120LJy0uw999QhJqzDE2uh7WwtmgHXktAplclePuYd1:WPuYd+V6bIomxiMXr40glhJQo2M7JAW1
- Static task: static1
- Behavioral task: behavioral1
- Sample: a76b7df57b1b16e4bac4e1e19e88b1a03c0b31aec4441046be5cbe7ce68cd58c.exe
- Resource: win10v2004-20221111-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.gmail.com
- Port: 587
- Username: [email protected]
- Password: hnxqezadblabdsss
Targets
- Target: a76b7df57b1b16e4bac4e1e19e88b1a03c0b31aec4441046be5cbe7ce68cd58c
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext