General
Target: Betaling.jpg_1.img
Size: 1.3MB
Sample: 230303-sylx4aaa94
MD5: 18834e9533434790b56cbf2579183f55
SHA1: 4b3f698e48f70c40d705590705d9c4d6fbd5a988
SHA256: 3185d8e8484338169b004da9f6ea8e66f2e95f353b9d2a0cf833ce705ca2cfb2
SHA512: 44077e6b49173e963a09b2b48d6957818e54a4d167034a05ad5360008b0d57df605bada880e6018b09f03ea44fa7d8b0f67f5e83e8113b27ae2dba797f5bf0c3
SSDEEP: 24576:owwt+2McUJrdRhT5js5HE2u08wvQW0iaGTf/YeOXv:kt+XLsxRu08wYI/YNXv
Static task: static1
Behavioral task: behavioral1 (Sample: BETALING.exe, Resource: win7-20230220-en)
Behavioral task: behavioral2 (Sample: BETALING.exe, Resource: win10v2004-20230220-en)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.amwi.net
Port: 587
Username: [email protected]
Password: A77i6l!v
Email To: [email protected]
Targets
Target: BETALING.EXE
Size: 792KB
MD5: 2a1545c3d87e97567f8b086860e5832b
SHA1: 410bf6f20cb8d3815866b31c7c7d777fbccb6ea2
SHA256: e2cffdf34c55f9b0975fc651a0f49db65ff59c34610221fe5efac13d72911310
SHA512: e1d21c09003d4f99f9e654276e040f56c3338c3b578f0cf74542b1c0525f7a2ebe1a953de88c79e952112b696aaa5c011eebf25022f4335a071993a7dc82b44f
SSDEEP: 24576:2wwt+2McUJrdRhT5js5HE2u08wvQW0iaGTf/YeOXv:qt+XLsxRu08wYI/YNXv
Signatures
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext