General
-
Target
2cdcc1d29030507ba28587a131f8b98b8c2ae4834524b5e1b584937ce0527ef6
-
Size
428KB
-
Sample
231202-belpjshb3w
-
MD5
9ab42dab7f35c8d542ad44e9e6c0f0ca
-
SHA1
a6f0aa4fd5141c92cb506a77b1c3604c7a60d608
-
SHA256
2cdcc1d29030507ba28587a131f8b98b8c2ae4834524b5e1b584937ce0527ef6
-
SHA512
fe7ca1ace6cbd1a410fc96d3f92e19a53f0d7b46cfe458ab076b2fd59704e7a1d72833526a78b1c5a469e961f5735b8874c00fdaf11fa097a8e99db55f5661d8
-
SSDEEP
6144:Q7XEhgANGThYl152Jnu9u95ik0uZWRQ6uX7Ee/AnBDxq6Tlv2222+v8WEjeNplzQ:thgANZl1SuMLikaI7TIxq6c
Static task
static1
Behavioral task
behavioral1
Sample
2cdcc1d29030507ba28587a131f8b98b8c2ae4834524b5e1b584937ce0527ef6.exe
Resource
win7-20231201-en
Behavioral task
behavioral2
Sample
2cdcc1d29030507ba28587a131f8b98b8c2ae4834524b5e1b584937ce0527ef6.exe
Resource
win10v2004-20231127-en
Malware Config
Extracted
Protocol: smtp- Host:
meka.ldc.lv - Port:
587 - Username:
[email protected] - Password:
DJj8Mza7MM
Extracted
agenttesla
Protocol: smtp- Host:
meka.ldc.lv - Port:
587 - Username:
[email protected] - Password:
DJj8Mza7MM - Email To:
[email protected]
Targets
-
-
Target
2cdcc1d29030507ba28587a131f8b98b8c2ae4834524b5e1b584937ce0527ef6
-
Size
428KB
-
MD5
9ab42dab7f35c8d542ad44e9e6c0f0ca
-
SHA1
a6f0aa4fd5141c92cb506a77b1c3604c7a60d608
-
SHA256
2cdcc1d29030507ba28587a131f8b98b8c2ae4834524b5e1b584937ce0527ef6
-
SHA512
fe7ca1ace6cbd1a410fc96d3f92e19a53f0d7b46cfe458ab076b2fd59704e7a1d72833526a78b1c5a469e961f5735b8874c00fdaf11fa097a8e99db55f5661d8
-
SSDEEP
6144:Q7XEhgANGThYl152Jnu9u95ik0uZWRQ6uX7Ee/AnBDxq6Tlv2222+v8WEjeNplzQ:thgANZl1SuMLikaI7TIxq6c
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-