General
- Target: 34D023E0F662D1DCACC5168A46A686BEA468F3C7EA424C5AF500B9D885C71121
- Size: 284KB
- Sample: 230718-zkncbsdh47
- MD5: bffa31d53229ecf1b564924334c3f4ca
- SHA1: e289a361fa488da1c1233daba6e912811e1b76d6
- SHA256: 34d023e0f662d1dcacc5168a46a686bea468f3c7ea424c5af500b9d885c71121
- SHA512: e295213a9dfbd86e17f91dae09f5cb49460e11ced523eac66b01359898311fe7f4f0667f0d168771983f4553f87c9eeb6d369a0cfc068c8e34666da3af61ee2c
- SSDEEP: 6144:4Ya6txz2Mad5XR9sNa57Zeb9cyU84Yas0eKY6r6:4YnxJadz9VQb9erA6
Static task
- static1
Behavioral task
- behavioral1
  - Sample: INQUIRY 03746 SRC Project.exe
  - Resource: win7-20230712-en
Behavioral task
- behavioral2
  - Sample: INQUIRY 03746 SRC Project.exe
  - Resource: win10v2004-20230703-en
Malware Config
Extracted
- Protocol: smtp
- Host: smtp.yandex.com
- Port: 587
- Username: [email protected]
- Password: ifeanyi@12
Targets
- Target: INQUIRY 03746 SRC Project.com
- Size: 222KB
- MD5: fdc6598bd27d4707cdc94286ffb6ffc4
- SHA1: ffc0d6d1df15adf481bb601bd3971873167b9cc5
- SHA256: da9c5f609ebbcf19aef3d6992d451ccbe4fa77858660f6861146d1a486e1d98e
- SHA512: f300adb7ba7d428added50de4443b07304fb222f2ab1a5e2a8e020f4e3a852f267cdb3241f6de7c5e2b040707e559d68a83a3679392b3bc878b4f2ed47869fe9
- SSDEEP: 6144:vYa6txz2Mad5XR9sNa57Zeb9cyU84Yas0eKY6r6b:vYnxJadz9VQb9erA6i
Signatures
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext