General
Target: 93c4767c2817ff4f46dbf0255eb37659e9b16f197e852fde1aa244b79b2021f8
Size: 631KB
Sample: 231202-b44xeshc67
MD5: 786354f82e007ef2f7bcf86941d5eb0a
SHA1: a2132de33c4284f21ccebc0610807e4e9cfc44cf
SHA256: 93c4767c2817ff4f46dbf0255eb37659e9b16f197e852fde1aa244b79b2021f8
SHA512: 0c1ac73f9a0c1887486ca5817e483aa14ee20e6ae4ee33c355e4f02dffa40813e80963971762288db0d1626cdb32c3c70994c434d85fb04d21be42108b8be50c
SSDEEP: 12288:JwodHzjZw2mKEt/NsXctbZJDhSuW4nCmfKOeeRhLA9Ejeab:zzPmKE39DJ33CmfKObLA9Jab
Static task: static1
Behavioral task: behavioral1
Sample: 93c4767c2817ff4f46dbf0255eb37659e9b16f197e852fde1aa244b79b2021f8.exe
Resource: win7-20231020-en
Behavioral task: behavioral2
Sample: 93c4767c2817ff4f46dbf0255eb37659e9b16f197e852fde1aa244b79b2021f8.exe
Resource: win10v2004-20231127-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: server1.sqsendy.shop
Port: 587
Username: [email protected]
Password: (;1q-5*CoN.3
Email To: [email protected]
Targets
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext