General
Target: 4500212574.exe
Size: 463KB
Sample: 231013-qkhmeaaa6s
MD5: 754f0be1b270930c602fa39e7f4e0027
SHA1: 20c766255f804d0175e3c5c2120b2022d7041063
SHA256: 57008a87cd574f34005b825703fc301def80f754852ecff3943bd9d2dbdf1cde
SHA512: 6c8593ec1e2a1d10a2e7eb0b1d0385d4748e5487e7e02cf95ea73181a91ef70ffa54812d8eafa2f5590b9ed5b7337350a6fc81466e18c27e551848f735da3a70
SSDEEP: 6144:/Eo4Dx0NmwIyeHIy9KAJ2WG1UpjIf6oSSG5P9you4aN1ypdPG88Sd5hPEMbE/peD:V4Dq7eHIyCWOqjmG5P9yr4QEGX7MbG
Static task: static1
Behavioral task: behavioral1
  Sample: 4500212574.exe
  Resource: win7-20230831-en
Behavioral task: behavioral2
  Sample: 4500212574.exe
  Resource: win10v2004-20230915-en
Malware Config
Extracted
Protocol: smtp
Host: mail.joilart.com
Port: 587
Username: dragan@joilart.com
Password: s861IVO5iP
Extracted
agenttesla
Protocol: smtp
Host: mail.joilart.com
Port: 587
Username: dragan@joilart.com
Password: s861IVO5iP
Email To: miki.sun@centerguitar.co
Targets
Target: 4500212574.exe
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext