General
-
Target
POM21002942.exe
-
Size
1.0MB
-
Sample
230403-gm2nmaee4v
-
MD5
6484dc4913b3adb16c159b7ea00ff294
-
SHA1
9870c0cfa3aa9afa49cc996cb2e8fa89486e3f23
-
SHA256
30272b6380cb51f1ea1c8ba3c294fe504fb80179d4ac31cfa8eb641919137eca
-
SHA512
d467be2354ebedee7f35ab5202fc8c3fde8a56a131af2d825b8678f57983d01d7fa6b6390e12c4634fb32c011dfcccb59f17af66370e49c8af7115b3100a0461
-
SSDEEP
12288:/VKgbTjDbjZniAWt1m8nF3p44ZUf8O6PiyywVjjZNaUXcEGQLZCD/EdptyW5QHqR:kuTjDvFiAWt1mIzDifD6PUwVX
Static task
static1
Behavioral task
behavioral1
Sample
POM21002942.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
POM21002942.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.exceltruea.com - Port:
587 - Username:
[email protected] - Password:
bl es si ng 2 0 2 3 - Email To:
[email protected]
Targets
-
-
Target
POM21002942.exe
-
Size
1.0MB
-
MD5
6484dc4913b3adb16c159b7ea00ff294
-
SHA1
9870c0cfa3aa9afa49cc996cb2e8fa89486e3f23
-
SHA256
30272b6380cb51f1ea1c8ba3c294fe504fb80179d4ac31cfa8eb641919137eca
-
SHA512
d467be2354ebedee7f35ab5202fc8c3fde8a56a131af2d825b8678f57983d01d7fa6b6390e12c4634fb32c011dfcccb59f17af66370e49c8af7115b3100a0461
-
SSDEEP
12288:/VKgbTjDbjZniAWt1m8nF3p44ZUf8O6PiyywVjjZNaUXcEGQLZCD/EdptyW5QHqR:kuTjDvFiAWt1mIzDifD6PUwVX
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-