General

Target: dollw9235795.exe
Size: 798KB
Sample: 230331-kxpnlahb44
MD5: 47124de273a6bfb0574836a275dd6e04
SHA1: 07a8628347833460021284496db8da9a02962bf7
SHA256: 98d735989cc1423bdd21526c42deaa86db9982f5c7e6c09d37adb881afa9c8f8
SHA512: 5984144c8e7c7f1c856efcd8f0260811e881de94ffbe739db70640842afde90b1aec9b7192f80aec232cc3c1a7acc2b8ff7499c2f787e21ea3984d10c3adb6ab
SSDEEP: 12288:ZDFy6bYCPrCOrMLw62eoskp/UiFewt8GqxbjI/Bg1qco5kuimOMt+1wpbh8xDTtO:C6bYzwz5DUyntPC9wrnimXOJnSH5
Static task: static1

Behavioral task: behavioral1
  Sample: dollw9235795.exe
  Resource: win7-20230220-en

Behavioral task: behavioral2
  Sample: dollw9235795.exe
  Resource: win10v2004-20230220-en
Malware Config

Extracted: agenttesla
  Protocol: smtp
  Host: smtp.gmail.com
  Port: 587
  Username: jaime.jeminez@gmail.com
  Password: pyyyhreafpwghuxn
  Email To: jaime.jeminez@gmail.com
Targets

Target: dollw9235795.exe, 798KB (MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
AgentTesla
  Agent Tesla is a .NET-based remote access tool (RAT) and information stealer (originally written in Visual Basic .NET). The extracted configuration above shows the SMTP account this sample is set up to exfiltrate to.

Accesses Microsoft Outlook profiles
  Reads the Outlook profile data, which holds stored mail account settings and credentials.

Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext
  Rewriting the thread context of another process is the injection step of process hollowing; the sample sets a thread's context in a process other than its own.
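As an added example, not part of this report and not the sandbox's own signature engine, the following Python shows how the three behavioural signatures above and the SMTP endpoint from the extracted config can be matched against a sandbox-style event trace. The trace, the PIDs, the event schema and the mail-client allowlist are constructed for the example; the Outlook registry key paths and the IP-lookup hostnames are real. The `target_pid` field abstracts the process that owns the thread or memory an API call touches, which is an assumption about how the trace was normalised.

```python
"""Detection logic for the behaviours in this report, run over a constructed
sandbox-style event trace (added example, not the sandbox's own signature code)."""
import re

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit for CreateProcess*

# Registry paths that hold Outlook/MAPI account profiles (real key names).
OUTLOOK_PROFILE_RE = re.compile(
    r"\\(Office\\[\d.]+\\Outlook\\Profiles|Windows Messaging Subsystem\\Profiles)",
    re.IGNORECASE,
)
# Legitimate "what is my IP" services that stealers query before exfiltration.
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "checkip.dyndns.org", "ip-api.com",
    "icanhazip.com", "ipinfo.io", "checkip.amazonaws.com",
}
# Exfiltration endpoint taken from the extracted config on this page.
EXFIL_ENDPOINTS = {("smtp.gmail.com", 587)}
# Images expected to speak SMTP submission (assumption: a site-specific allowlist).
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}


def detect(events):
    """Return sorted (signature, pid) pairs triggered by the trace."""
    hits = set()
    children = {}  # child pid -> {"creator": pid, "written": bool}

    for ev in sorted(events, key=lambda e: e["t"]):
        pid, image, kind = ev["pid"], ev["image"].lower(), ev["kind"]

        if kind == "registry" and OUTLOOK_PROFILE_RE.search(ev["key"]):
            hits.add(("Accesses Microsoft Outlook profiles", pid))

        elif kind == "http" and ev["host"].lower() in IP_LOOKUP_HOSTS:
            hits.add(("Looks up external IP address via web service", pid))

        elif (kind == "net" and (ev["host"].lower(), ev["port"]) in EXFIL_ENDPOINTS
              and image not in MAIL_CLIENTS):
            hits.add(("SMTP exfiltration to extracted C2 endpoint", pid))

        elif kind == "api":
            api, target = ev["api"], ev.get("target_pid")
            if api.startswith("CreateProcess") and ev.get("flags", 0) & CREATE_SUSPENDED:
                children[target] = {"creator": pid, "written": False}
            elif api == "WriteProcessMemory" and target in children:
                children[target]["written"] = True
            elif api == "SetThreadContext" and target is not None and target != pid:
                # Setting a thread context in a foreign process is suspicious on its own.
                hits.add(("Suspicious use of SetThreadContext", pid))
                rec = children.get(target)
                if rec and rec["creator"] == pid and rec["written"]:
                    # Full hollowing chain: suspended child, memory written, context replaced.
                    hits.add(("Process hollowing chain (suspended child, WriteProcessMemory, SetThreadContext)", pid))
    return sorted(hits)


# Constructed trace modelled on the behaviours this report lists; the PIDs, the
# ordering and the event fields are invented for the example, not taken from the run.
SAMPLE = "dollw9235795.exe"
EVENTS = [
    {"t": 1, "pid": 1200, "image": SAMPLE, "kind": "api", "api": "CreateProcessW",
     "flags": CREATE_SUSPENDED, "target_pid": 1300},
    {"t": 2, "pid": 1200, "image": SAMPLE, "kind": "api", "api": "NtUnmapViewOfSection", "target_pid": 1300},
    {"t": 3, "pid": 1200, "image": SAMPLE, "kind": "api", "api": "WriteProcessMemory", "target_pid": 1300},
    {"t": 4, "pid": 1200, "image": SAMPLE, "kind": "api", "api": "SetThreadContext", "target_pid": 1300},
    {"t": 5, "pid": 1200, "image": SAMPLE, "kind": "api", "api": "ResumeThread", "target_pid": 1300},
    {"t": 6, "pid": 1200, "image": SAMPLE, "kind": "registry", "op": "RegOpenKeyExW",
     "key": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"},
    {"t": 7, "pid": 1200, "image": SAMPLE, "kind": "http", "host": "api.ipify.org"},
    {"t": 8, "pid": 1200, "image": SAMPLE, "kind": "net", "host": "smtp.gmail.com", "port": 587},
    # Benign control: a real mail client talking to the same server must not fire.
    {"t": 9, "pid": 2000, "image": "outlook.exe", "kind": "net", "host": "smtp.gmail.com", "port": 587},
]

if __name__ == "__main__":
    for sig, pid in detect(EVENTS):
        print(f"[pid {pid}] {sig}")
```

The SetThreadContext rule fires on any cross-process context write, and a second, higher-confidence rule fires only when the same process created the target suspended and wrote to its memory first; the SMTP rule is scoped to the endpoint in the extracted config and excludes known mail clients so that an analyst's own Outlook does not trigger it.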