General
-
Target
01b98000b9fd1fd6e87cb3bb1ee89001.bin
-
Size
797KB
-
Sample
230328-bcqwgsaa2z
-
MD5
525166ebb39544ada43e5d2e5c4eb00b
-
SHA1
02f7c75b0ce18013ab7ba64091ef82842196436c
-
SHA256
60e31e81230a961d53befded9c56ad63a5de6bb1adcf29f5c995a977c3e606dd
-
SHA512
b8c665154e7aa35e06f4f579c884312b229e20d0c99702f36b7efeaffef718561a7038e211ccc668502ba3a9b5be2f8a49a05d880d332584ec394326b283f4ee
-
SSDEEP
24576:p6smqGlh3/WY3jbqdBRAtLsVwPUc6a398:p6smqczgBqtSTa3u
Static task
static1
Behavioral task
behavioral1
Sample
e45adb38f46b6275c9208ffc10f5ad840da121078544fad3555ef8183608dded.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
e45adb38f46b6275c9208ffc10f5ad840da121078544fad3555ef8183608dded.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.ungaplc.com - Port:
587 - Username:
info@ungaplc.com - Password:
Maco@2022@ - Email To:
afnrobertaol@gmail.com
Targets
-
-
Target
e45adb38f46b6275c9208ffc10f5ad840da121078544fad3555ef8183608dded.exe
-
Size
974KB
-
MD5
01b98000b9fd1fd6e87cb3bb1ee89001
-
SHA1
03bde9251748cde15f4dd96698bbe62b661d5da8
-
SHA256
e45adb38f46b6275c9208ffc10f5ad840da121078544fad3555ef8183608dded
-
SHA512
19aa22e6f0a6d3984dda6929706b866fa0285aa7d8e6630168ab78cb5e1803e85a770d0fd93f76c5444d112af737c4852d92f77e25034b60fd493515394cd5f0
-
SSDEEP
12288:vvvaMcBlqtpyOkqDpUJ4b1rY7hc3xz1w33S4o5iLUZoUvL5kZppRCajyvweRCsc:P1m4tpyeFQKJahsz6LU5OpRC5oeQl
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-