General
- Target: 5b7f7cf397dd97e866977561a5b04a8876987f85e7291ac5bc24403f6c442e6f
- Size: 631KB
- Sample: 231202-cgwg7shd4t
- MD5: 1c8b19d096c0a4f6f5e9ba4170756a15
- SHA1: b81f2c82bfa9730e95f761450eb257aa63e29125
- SHA256: 5b7f7cf397dd97e866977561a5b04a8876987f85e7291ac5bc24403f6c442e6f
- SHA512: 1be8c8b8fb81130c497ccb06bfb22b3ef49becf8981b197453617567f8f9c3e472af80f7ddceadae85d86768477ab20653a344c6b02c527f3c81875bfb63e38b
- SSDEEP: 12288:00oddzLZT4giIVJ6z2r3Q4Rgv8xbVRPwSiqR7ONRPCb9eeW:Szh4gi4/3QQjoSi7PCAeW
Static task
- static1

Behavioral task
- behavioral1
- Sample: 5b7f7cf397dd97e866977561a5b04a8876987f85e7291ac5bc24403f6c442e6f.exe
- Resource: win7-20231129-en

Behavioral task
- behavioral2
- Sample: 5b7f7cf397dd97e866977561a5b04a8876987f85e7291ac5bc24403f6c442e6f.exe
- Resource: win10v2004-20231130-en
Malware Config

Extracted
- Protocol: smtp
- Host: server1.sqsendy.shop
- Port: 587
- Username: [email protected]
- Password: {f];qthoiBBW

Extracted
- Family: agenttesla
- Protocol: smtp
- Host: server1.sqsendy.shop
- Port: 587
- Username: [email protected]
- Password: {f];qthoiBBW
- Email To: [email protected]
Targets
- Target: 5b7f7cf397dd97e866977561a5b04a8876987f85e7291ac5bc24403f6c442e6f
- Size: 631KB
- MD5: 1c8b19d096c0a4f6f5e9ba4170756a15
- SHA1: b81f2c82bfa9730e95f761450eb257aa63e29125
- SHA256: 5b7f7cf397dd97e866977561a5b04a8876987f85e7291ac5bc24403f6c442e6f
- SHA512: 1be8c8b8fb81130c497ccb06bfb22b3ef49becf8981b197453617567f8f9c3e472af80f7ddceadae85d86768477ab20653a344c6b02c527f3c81875bfb63e38b
- SSDEEP: 12288:00oddzLZT4giIVJ6z2r3Q4Rgv8xbVRPwSiqR7ONRPCb9eeW:Szh4gi4/3QQjoSi7PCAeW

Signatures
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext