General
- Target: e31882ee09f143f623d285b74d2b0386c97ff6490154efb0e2bd1a181b13974f.exe
- Size: 611KB
- Sample: 231201-vp5d7aea2z
- MD5: f32a6ab75017b52d706244fa0df72efb
- SHA1: cf1797c6665d35a4fd3fb04c46889f4ecf92a5ad
- SHA256: e31882ee09f143f623d285b74d2b0386c97ff6490154efb0e2bd1a181b13974f
- SHA512: 2acc9d9d0a120c6be424e524f00a5a58084aa2e7824d2e3a10a51e07d7b728677e24d3d315cebb82fc026dcc1e80b4486885edaa5ff67261cdad07a78ba10a8b
- SSDEEP: 12288:eqfLYYZXTyiUzHShUeojAa/Gtaf19vk/adT9VdJNvTvClMQorA1T:1XT5PSSak/adT9XJpTvClMQT1

Static task: static1

Behavioral task: behavioral1
- Sample: e31882ee09f143f623d285b74d2b0386c97ff6490154efb0e2bd1a181b13974f.exe
- Resource: win7-20231023-en

Behavioral task: behavioral2
- Sample: e31882ee09f143f623d285b74d2b0386c97ff6490154efb0e2bd1a181b13974f.exe
- Resource: win10v2004-20231127-en
Malware Config

Extracted
- Protocol: smtp
- Host: smtp.yandex.com
- Port: 587
- Username: [email protected]
- Password: benneth1975@@@@@

Extracted
- Family: agenttesla
- Protocol: smtp
- Host: smtp.yandex.com
- Port: 587
- Username: [email protected]
- Password: benneth1975@@@@@
- Email To: [email protected]
Targets

- Target: e31882ee09f143f623d285b74d2b0386c97ff6490154efb0e2bd1a181b13974f.exe
- Size: 611KB
- MD5: f32a6ab75017b52d706244fa0df72efb
- SHA1: cf1797c6665d35a4fd3fb04c46889f4ecf92a5ad
- SHA256: e31882ee09f143f623d285b74d2b0386c97ff6490154efb0e2bd1a181b13974f
- SHA512: 2acc9d9d0a120c6be424e524f00a5a58084aa2e7824d2e3a10a51e07d7b728677e24d3d315cebb82fc026dcc1e80b4486885edaa5ff67261cdad07a78ba10a8b
- SSDEEP: 12288:eqfLYYZXTyiUzHShUeojAa/Gtaf19vk/adT9VdJNvTvClMQorA1T:1XT5PSSak/adT9XJpTvClMQT1

Score: 10/10

Signatures
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings
  Looks up the country code configured in the registry, likely as a geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext