General
-
Target
ea53d17d407202920af2fd07b8296abf.bin
-
Size
777KB
-
Sample
230331-cl1byshf7v
-
MD5
e146a6631e04b77d1a8fafb277a5b668
-
SHA1
dcc6d541e2add64381552111013f2d740a9ad126
-
SHA256
cabe22196c7da75864ba82f4fc87a4247c279515f3876a6a1e90ad9e776fde98
-
SHA512
5d174752f7c7ffba45fd8ff72d533447e1bee43443056a9577f7ab8ff63323ccf61c3e88918923bacfb6cae9e4bfaa10a0111296fe1740e06f408b87dc44c6a2
-
SSDEEP
12288:iEhpUrYWnBMOg8axE6vdy5ULXav3QdEQfitP/gYhz3uGAIb5yZWbEoV6Fo9:iEPUrBQE6vYg1KP/GGJVbEju9
Static task
static1
Behavioral task
behavioral1
Sample
328aa195af17fbb6996c45b95c15c022e987c5d8a6fdea00ef8a58f47e8e721b.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
328aa195af17fbb6996c45b95c15c022e987c5d8a6fdea00ef8a58f47e8e721b.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.servicesterminals.com - Port:
587 - Username:
kenneth@servicesterminals.com - Password:
zK2kveho - Email To:
kenneth@servicesterminals.com
Targets
-
-
Target
328aa195af17fbb6996c45b95c15c022e987c5d8a6fdea00ef8a58f47e8e721b.exe
-
Size
1000KB
-
MD5
ea53d17d407202920af2fd07b8296abf
-
SHA1
ca705e5b89a9e07e87314bfd44541d940f346cbd
-
SHA256
328aa195af17fbb6996c45b95c15c022e987c5d8a6fdea00ef8a58f47e8e721b
-
SHA512
2f1a6ec015c7180ce1f95e7de0a6bdb37de697b0159eef751f6ee92def9249dee1caf08005cab63622fa673d627699058cf864eef7ebac1cb321160acce2ba7d
-
SSDEEP
24576:nj12zVZ97P1AaGeqGknYCDUTILhmxBjnRrtL0:njAR37dAaGeTknYGUTItsRr
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-