General
-
Target
5cc0c336fc38231f8220dd959fe7ccee.exe
-
Size
687KB
-
Sample
230420-c6fhaafa83
-
MD5
5cc0c336fc38231f8220dd959fe7ccee
-
SHA1
62c75a782b20545b29c879bc8c3f6307dd588111
-
SHA256
010493b98e6676ace7201480f106d8b348aac9118755a5f55137b410dbf31d0c
-
SHA512
181b59a15572f7261e96820ea62c6df57fd2ef5168e23947f8fed1034f24f45936c3521e2db79272ffd4f24a364c2ae2264f1e2d5240d534167d67381e8a9dde
-
SSDEEP
12288:Mg+Voi1HDSFR7XFHgAIa8PHWm81DNCdGKOotgtUG:VSHDah8PHWmmuxCU
Static task
static1
Behavioral task
behavioral1
Sample
5cc0c336fc38231f8220dd959fe7ccee.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
5cc0c336fc38231f8220dd959fe7ccee.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: server320.web-hosting.com
Port: 587
Username: [email protected]
Password: m#+f(b5{XRR3
Email To: [email protected]
Targets
-
-
Target
5cc0c336fc38231f8220dd959fe7ccee.exe
-
Size
687KB
-
MD5
5cc0c336fc38231f8220dd959fe7ccee
-
SHA1
62c75a782b20545b29c879bc8c3f6307dd588111
-
SHA256
010493b98e6676ace7201480f106d8b348aac9118755a5f55137b410dbf31d0c
-
SHA512
181b59a15572f7261e96820ea62c6df57fd2ef5168e23947f8fed1034f24f45936c3521e2db79272ffd4f24a364c2ae2264f1e2d5240d534167d67381e8a9dde
-
SSDEEP
12288:Mg+Voi1HDSFR7XFHgAIa8PHWm81DNCdGKOotgtUG:VSHDah8PHWmmuxCU
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-