General
Target: 55c4b41ea537bdfdbaba8219d21ff419fcbb47d6b8572cd9db2a80dc38e32c1d.exe
Size: 1014KB
Sample: 221208-prryzsch9y
MD5: 66a940359afc51457890cb05deba1af0
SHA1: 508aa379911a32cc2e70c6e851ddd8657ad73017
SHA256: 55c4b41ea537bdfdbaba8219d21ff419fcbb47d6b8572cd9db2a80dc38e32c1d
SHA512: 2015368c0198b2d2702afd6940888c2d23277d903d032f1a53a8fd62a0a08935fd90c3ee4dbd91011e0704cedc8150542722e95acf4fa17eeeec3911d8898e58
SSDEEP: 24576:AO/EpRnGksBylGSM81jnlq+KP4x3yd+L74mBfNUstzo:AOc+grM81Bq+e4x3
Static task: static1
Behavioral task: behavioral1
  Sample: 55c4b41ea537bdfdbaba8219d21ff419fcbb47d6b8572cd9db2a80dc38e32c1d.exe
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: 55c4b41ea537bdfdbaba8219d21ff419fcbb47d6b8572cd9db2a80dc38e32c1d.exe
  Resource: win10v2004-20221111-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: mail.vaiappia.net
  Port: 587
  Username: sale1@vaiappia.net
  Password: project2022blessing
Targets
Target: 55c4b41ea537bdfdbaba8219d21ff419fcbb47d6b8572cd9db2a80dc38e32c1d.exe
AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext