General
Target: ca340328a09ac92cb4560a3ae9b479d314c5aa1eb551e38bf138034cd41abce7.exe
Size: 1007KB
Sample: 231201-v326zseb67
MD5: 81e322ffa4f08ef1ce49fc1401f523d6
SHA1: aff846fdab534596a2b79d7d4b37813e25b9055f
SHA256: ca340328a09ac92cb4560a3ae9b479d314c5aa1eb551e38bf138034cd41abce7
SHA512: 529f6be71dac266ad62149434591e58892df222c822151bd1afd99d4fd27cc7f51f7b71b340a2408ac63029accf63d4b550167bbbb4d941df267750aed792507
SSDEEP: 12288:Kr9NAc2ZJGgcAGBUS/3OCvY43AZ8LjY4D4DLi/aDgOdcGrZdD:K/MG+Y3ZvRAyLjY4D4DLcGrZdD
Static task: static1
Behavioral task: behavioral1
  Sample: ca340328a09ac92cb4560a3ae9b479d314c5aa1eb551e38bf138034cd41abce7.exe
  Resource: win7-20231023-en
Behavioral task: behavioral2
  Sample: ca340328a09ac92cb4560a3ae9b479d314c5aa1eb551e38bf138034cd41abce7.exe
  Resource: win10v2004-20231127-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: mailbuilderbuilder.com
  Port: 587
  Username: [email protected]
  Password: Alluminio.1
  Email To: [email protected]
Extracted
  Protocol: smtp
  Host: mailbuilderbuilder.com
  Port: 587
  Username: [email protected]
  Password: Alluminio.1
Targets
Target: ca340328a09ac92cb4560a3ae9b479d314c5aa1eb551e38bf138034cd41abce7.exe
Size: 1007KB
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext