General
- Target: e5cbbbfbcb1be51c9bbc02ef22634c55.exe
- Size: 842KB
- Sample: 221206-p2xxzsab28
- MD5: e5cbbbfbcb1be51c9bbc02ef22634c55
- SHA1: 614b218ccf9b3d09655c25c081cc18baef354c33
- SHA256: be2862ff4b27841ac3b341d160cc56f5aab340de3f085933d9a3d0b57b0cef18
- SHA512: 3f58e56d8feba4091da38f38b78185a3e17346f827d142b70c3564daef74bfa027504ac04980e87b0806bfc33f84ceb33bd565220e0faeb20a8e04a2fef122ca
- SSDEEP: 12288:6EVq79KlSwx7IkNBJc64cDu5GQWUjMmaNlF3zdxetqx6jogl3Fo3JR4pKt:EEQw+m/zD+jdel5dxe8ALlu5R4p+
Static task: static1
Behavioral task: behavioral1
- Sample: e5cbbbfbcb1be51c9bbc02ef22634c55.exe
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: e5cbbbfbcb1be51c9bbc02ef22634c55.exe
- Resource: win10v2004-20220901-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: host39.registrar-servers.com
- Port: 587
- Username: [email protected]
- Password: payme nt12345
Targets
- Target: e5cbbbfbcb1be51c9bbc02ef22634c55.exe
- Size: 842KB
- MD5: e5cbbbfbcb1be51c9bbc02ef22634c55
- SHA1: 614b218ccf9b3d09655c25c081cc18baef354c33
- SHA256: be2862ff4b27841ac3b341d160cc56f5aab340de3f085933d9a3d0b57b0cef18
- SHA512: 3f58e56d8feba4091da38f38b78185a3e17346f827d142b70c3564daef74bfa027504ac04980e87b0806bfc33f84ceb33bd565220e0faeb20a8e04a2fef122ca
- SSDEEP: 12288:6EVq79KlSwx7IkNBJc64cDu5GQWUjMmaNlF3zdxetqx6jogl3Fo3JR4pKt:EEQw+m/zD+jdel5dxe8ALlu5R4p+
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext