General
-
Target
1100b4580e6299445e00a5c268060f3ae748fe19e3879b84a39cd35f5fce8626.exe
-
Size
624KB
-
Sample
231201-v2jy1seb52
-
MD5
54ecd7b2d5a8a4e14160c7812efa1237
-
SHA1
31423f28116f6b7340327d3f2d292650298bb5bd
-
SHA256
1100b4580e6299445e00a5c268060f3ae748fe19e3879b84a39cd35f5fce8626
-
SHA512
d3a815d0158f95d443ab6094987ed80d53940f6e96f5e92c169744186c00212664b589e6e4deb20dbb2f5150ba9b6d9b8e81de468b18d077094c34868fba706d
-
SSDEEP
12288:GqfLYYZXTya5izWNoTpF+UzFReSwgOPt6DJfyKtpfS4nSo6d2BN36LNd+cx:dXTbirHeVtlG1yKHSQSXdGqLNk
Static task
static1
Behavioral task
behavioral1
Sample
1100b4580e6299445e00a5c268060f3ae748fe19e3879b84a39cd35f5fce8626.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
1100b4580e6299445e00a5c268060f3ae748fe19e3879b84a39cd35f5fce8626.exe
Resource
win10v2004-20231127-en
Malware Config
Extracted
Protocol: smtp- Host:
mail.svnprintechnologies.com - Port:
587 - Username:
[email protected] - Password:
Svnprint@1234
Extracted
agenttesla
Protocol: smtp- Host:
mail.svnprintechnologies.com - Port:
587 - Username:
[email protected] - Password:
Svnprint@1234 - Email To:
[email protected]
Targets
-
-
Target
1100b4580e6299445e00a5c268060f3ae748fe19e3879b84a39cd35f5fce8626.exe
-
Size
624KB
-
MD5
54ecd7b2d5a8a4e14160c7812efa1237
-
SHA1
31423f28116f6b7340327d3f2d292650298bb5bd
-
SHA256
1100b4580e6299445e00a5c268060f3ae748fe19e3879b84a39cd35f5fce8626
-
SHA512
d3a815d0158f95d443ab6094987ed80d53940f6e96f5e92c169744186c00212664b589e6e4deb20dbb2f5150ba9b6d9b8e81de468b18d077094c34868fba706d
-
SSDEEP
12288:GqfLYYZXTya5izWNoTpF+UzFReSwgOPt6DJfyKtpfS4nSo6d2BN36LNd+cx:dXTbirHeVtlG1yKHSQSXdGqLNk
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-