General
-
Target
7348c4148b52adea67edfe46fb55ea563aa619397e85538fdc365c30da19e60f.exe
-
Size
614KB
-
Sample
231201-v8fvyaec49
-
MD5
864e72e02c773ef3188ee1c2d4151c73
-
SHA1
f53ac23ada39df0cbbf4bd39b895676e92a37404
-
SHA256
7348c4148b52adea67edfe46fb55ea563aa619397e85538fdc365c30da19e60f
-
SHA512
cfeb71dce2cdc4bfe99e3a0a47f49650b713783fa2af1b6b300920596d484bc2499bab609018f4bc31fb3c493f479e936024250b1bac62781d578eff347c95fb
-
SSDEEP
12288:xqfLYYZXTy8lLQVtEotSe3cqhuWvK/bEAuBH4qgPZ5hN:kXTTlLQbEotT3cZ6TWXh
Static task
static1
Behavioral task
behavioral1
Sample
7348c4148b52adea67edfe46fb55ea563aa619397e85538fdc365c30da19e60f.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
7348c4148b52adea67edfe46fb55ea563aa619397e85538fdc365c30da19e60f.exe
Resource
win10v2004-20231127-en
Malware Config
Extracted
Protocol: smtp- Host:
smtp.ovefood.com - Port:
587 - Username:
[email protected] - Password:
V!%TnIU9
Extracted
agenttesla
Protocol: smtp- Host:
smtp.ovefood.com - Port:
587 - Username:
[email protected] - Password:
V!%TnIU9 - Email To:
[email protected]
Targets
-
-
Target
7348c4148b52adea67edfe46fb55ea563aa619397e85538fdc365c30da19e60f.exe
-
Size
614KB
-
MD5
864e72e02c773ef3188ee1c2d4151c73
-
SHA1
f53ac23ada39df0cbbf4bd39b895676e92a37404
-
SHA256
7348c4148b52adea67edfe46fb55ea563aa619397e85538fdc365c30da19e60f
-
SHA512
cfeb71dce2cdc4bfe99e3a0a47f49650b713783fa2af1b6b300920596d484bc2499bab609018f4bc31fb3c493f479e936024250b1bac62781d578eff347c95fb
-
SSDEEP
12288:xqfLYYZXTy8lLQVtEotSe3cqhuWvK/bEAuBH4qgPZ5hN:kXTTlLQbEotT3cZ6TWXh
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-