General
-
Target
1a3a72cfd544d61a7a9b650477460e89.exe
-
Size
406KB
-
Sample
230610-ehxsrseb58
-
MD5
1a3a72cfd544d61a7a9b650477460e89
-
SHA1
b21c973688ceab6f593f96f4ede7bf26290f84b6
-
SHA256
c79eafdedf764d6b8ed3c18e9d1853f881b452e017202ac8eed2828dca2e0450
-
SHA512
3f4dd3f6e513f7e1715ce8cf8c285203a9653fa87556fa5faa9a985dcae1577e0c13bce9aea8cd1ed5560d33700ad5f8fcc50bedd8e9bc889b6cd6d7bc50f9e6
-
SSDEEP
6144:u6dgNzV+OT7EDnos/MzmtxBKh2ch8ot1oxLg7IboejhiCV0E4rpugBt:8P+OTIPMzmtxBwHPoxk7IfjhiTU6t
Static task
static1
Behavioral task
behavioral1
Sample
1a3a72cfd544d61a7a9b650477460e89.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
1a3a72cfd544d61a7a9b650477460e89.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.theamoebaevents.in
Port: 587
Username: sarvat@theamoebaevents.in
Password: 9811640077@
Email To: michealjerry@usa.com
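The extracted config above gives the exfiltration channel directly: the sample authenticates to a hard-coded SMTP submission host and mails stolen data to a fixed recipient. The following is an added example, not code from the sandbox report or from the malware, showing how a detection engineer would turn that block into IOCs: it parses the config text exactly as it is flattened on this page, emits a Suricata DNS rule for the exfil host, and runs a two-tier check (exact IOC hit, then generic "SMTP from a non-mail process") over constructed network telemetry. The event format, the allowed mail-client list and the sample events are assumptions made for the example.

```python
"""Turn the extracted AgentTesla SMTP config into IOCs and run a simple
network-telemetry check. Added example; not the sandbox's or the malware's code."""
import re
from dataclasses import dataclass

# Constructed input: the report's extracted config, copied as it is flattened
# on the page (line breaks and the missing space before the first dash included).
CONFIG_TEXT = """Protocol: smtp- Host:
mail.theamoebaevents.in - Port:
587 - Username:
sarvat@theamoebaevents.in - Password:
9811640077@ - Email To:
michealjerry@usa.com"""

KEYS = ("Protocol", "Host", "Port", "Username", "Password", "Email To")
# Split only on a dash that is followed by a known field name, so passwords or
# hosts that themselves contain dashes or spaces survive intact.
SPLIT_RE = re.compile(r"\s*-\s*(?=(?:%s):)" % "|".join(re.escape(k) for k in KEYS))


@dataclass(frozen=True)
class SmtpExfilConfig:
    host: str
    port: int
    username: str
    email_to: str


def parse_config(text: str) -> SmtpExfilConfig:
    """Parse the 'Key: value - Key: value' config dump into a typed record."""
    fields = {}
    for chunk in SPLIT_RE.split(text.strip()):
        key, _, value = chunk.partition(":")
        fields[key.strip()] = value.strip()
    if fields.get("Protocol", "").lower() != "smtp":
        raise ValueError("not an SMTP exfil config: %r" % fields.get("Protocol"))
    return SmtpExfilConfig(
        host=fields["Host"].lower(),
        port=int(fields["Port"]),
        username=fields["Username"],
        email_to=fields["Email To"],
    )


def suricata_dns_rule(cfg: SmtpExfilConfig, sid: int) -> str:
    """DNS is the reliable wire observable: submission on port 587 normally
    upgrades to TLS via STARTTLS, so the credentials and recipient seen in the
    config are not visible in the packet payload."""
    return (
        'alert dns $HOME_NET any -> any any (msg:"AgentTesla SMTP exfil host lookup %s"; '
        'dns.query; content:"%s"; nocase; sid:%d; rev:1;)' % (cfg.host, cfg.host, sid)
    )


@dataclass(frozen=True)
class NetEvent:
    process: str
    dst_host: str
    dst_port: int


# Assumption for this example: the only processes expected to speak SMTP
# submission from a workstation in this environment.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}
SMTP_PORTS = {25, 465, 587}


def flag_events(cfg: SmtpExfilConfig, events):
    """Return (reason, event) pairs: an exact IOC hit on the extracted host/port,
    or the weaker generic signal of SMTP traffic from a non-mail process."""
    hits = []
    for ev in events:
        if ev.dst_host.lower() == cfg.host and ev.dst_port == cfg.port:
            hits.append(("ioc:agenttesla-smtp-host", ev))
        elif ev.dst_port in SMTP_PORTS and ev.process.lower() not in MAIL_CLIENTS:
            hits.append(("anomaly:smtp-from-non-mail-client", ev))
    return hits


# Constructed sample telemetry (process, destination host, destination port).
SAMPLE_EVENTS = [
    NetEvent("1a3a72cfd544d61a7a9b650477460e89.exe", "mail.theamoebaevents.in", 587),
    NetEvent("outlook.exe", "smtp.office365.com", 587),
    NetEvent("svchost.exe", "smtp.example.net", 25),
    NetEvent("chrome.exe", "www.example.com", 443),
]

if __name__ == "__main__":
    cfg = parse_config(CONFIG_TEXT)
    print(suricata_dns_rule(cfg, 9000001))
    for reason, ev in flag_events(cfg, SAMPLE_EVENTS):
        print(reason, ev)
```

The second tier exists because the host in an AgentTesla config is frequently a compromised legitimate mailbox that changes from build to build; the process-to-port anomaly survives that churn, while the exact host match is what you pivot on for this specific sample.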
Targets
-
-
Target
1a3a72cfd544d61a7a9b650477460e89.exe
-
Size
406KB
-
MD5
1a3a72cfd544d61a7a9b650477460e89
-
SHA1
b21c973688ceab6f593f96f4ede7bf26290f84b6
-
SHA256
c79eafdedf764d6b8ed3c18e9d1853f881b452e017202ac8eed2828dca2e0450
-
SHA512
3f4dd3f6e513f7e1715ce8cf8c285203a9653fa87556fa5faa9a985dcae1577e0c13bce9aea8cd1ed5560d33700ad5f8fcc50bedd8e9bc889b6cd6d7bc50f9e6
-
SSDEEP
6144:u6dgNzV+OT7EDnos/MzmtxBKh2ch8ot1oxLg7IboejhiCV0E4rpugBt:8P+OTIPMzmtxBwHPoxk7IfjhiTU6t
-
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, originally written in Visual Basic .NET; it typically harvests credentials and keystrokes and exfiltrates them over SMTP, FTP or HTTP.
-
Checks QEMU agent file
Checks presence of QEMU agent, possibly to detect virtualization.
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtCreateThreadExHideFromDebugger
Creates a thread with the THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER flag, so an attached debugger receives no debug events for that thread.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
Calls NtSetInformationThread with the ThreadHideFromDebugger information class; debug exceptions raised on that thread are no longer delivered to the debugger, a common anti-analysis trick.
-
Suspicious use of SetThreadContext
Rewrites another thread's register context; commonly used to redirect a suspended thread's entry point during process hollowing or code injection.
-