General
- Target: tmp
- Size: 778KB
- Sample: 230331-m1ph4sag5z
- MD5: 992d6ad7f5365199de9a1a789b08c358
- SHA1: 17d8db7c926cb9be034d5ea544ca106bb41619d9
- SHA256: 2bda91406a11bcfa7233b2798297164c5ffe514b4100af0062fc166b9ab55b60
- SHA512: 12fed10bbdfff61275564151bbd51453352a0d102b837c621f1f12806de26bba8515ba43b136ef16551cd70a24d9b4debd2a2d039345ed517e02dee507891b52
- SSDEEP: 12288:DtlhARwKdJVZz5d7n/XBrNU4QpuLIXD2DJdpCTTQDTVh7DhGZ7jnzVs/Mbd4IA:yBVZ99XB6hRXDwJvCTUDBh/QHzVUI
Static task: static1
Behavioral task: behavioral1
- Sample: tmp.exe
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: tmp.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: server320.web-hosting.com
- Port: 587
- Username: admin@igls.cc
- Password: lagos@123
- Email To: nel@igls.cc
Targets
- Target: tmp
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext