General
Target: LOS No 140491194.exe
Size: 676KB
Sample: 230403-p6k4zsgd9v
MD5: ba67bb555e5e1d845b4e549df2c8b493
SHA1: ff966c9355cbc922e0eb162d8dae6db2244267da
SHA256: 5b58f94841a17d6f347c5d32f4ac2e2fb6d7e4954d65b5138ed7fb44c924c3a0
SHA512: 6414fcf1c07c6c6a78f0a71a040b2ad0df764ac59168b3fb49ccaafd4bdb356c3974710e8475d4bed37f22efc14967f6b9218d8f5d779ab05402cefc469a2bcc
SSDEEP: 12288:HKPFSPmnULyywVBGh0NaHo3EpGs3TH8HzZF/gxMdib/:HiFS2UDwVBNNYoUpZTcFg/z
Static task: static1
Behavioral task: behavioral1
Sample: LOS No 140491194.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: LOS No 140491194.exe
Resource: win10v2004-20230221-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.harisisint.com
Port: 587
Username: [email protected]
Password: olu chu kwu 554
Email To: [email protected]
Targets
Target: LOS No 140491194.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-