General
-
Target
SecuriteInfo.com.Trojan.PackedNET.1293.4408.24137.exe
-
Size
1.0MB
-
Sample
221207-npfx9sfh2x
-
MD5
f87eb1fb827a4fb946669021a0d7c8d8
-
SHA1
d63b60bf1da287e6aa63597002389a4e6bc40eab
-
SHA256
b224d71e1f83abba5f7502d2450d4866b1e75286b738ee9fe204608a7dc38b38
-
SHA512
6919de6400f5631ab8856c560a63f51e1fc14ac98d0c7544f6632958bd905cf0e4f97c893e62a174b75033c2163fc1a7e5e08505e3b30c3d4631d811b9f5511b
-
SSDEEP
24576:7h2IF/lSgBfUlLDW6nvVeAz67nauXMc1GJxCNm:V2IFMBLDRHzqTdw
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Trojan.PackedNET.1293.4408.24137.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Trojan.PackedNET.1293.4408.24137.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
posta.ni.net.tr - Port:
587 - Username:
[email protected] - Password:
nilya1957 - Email To:
[email protected]
Targets
-
-
Target
SecuriteInfo.com.Trojan.PackedNET.1293.4408.24137.exe
-
Size
1.0MB
-
MD5
f87eb1fb827a4fb946669021a0d7c8d8
-
SHA1
d63b60bf1da287e6aa63597002389a4e6bc40eab
-
SHA256
b224d71e1f83abba5f7502d2450d4866b1e75286b738ee9fe204608a7dc38b38
-
SHA512
6919de6400f5631ab8856c560a63f51e1fc14ac98d0c7544f6632958bd905cf0e4f97c893e62a174b75033c2163fc1a7e5e08505e3b30c3d4631d811b9f5511b
-
SSDEEP
24576:7h2IF/lSgBfUlLDW6nvVeAz67nauXMc1GJxCNm:V2IFMBLDRHzqTdw
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-