General
-
Target
3de379139a1c147a730638552851518562431ee09254ac2c50961fb1a8ee70b8
-
Size
697KB
-
Sample
231203-cv1zvaha58
-
MD5
d7e980df2f5d33b2034053d5b61dd93d
-
SHA1
2c4a4e7024a01d6647eb7714c6a70ba8bc327914
-
SHA256
3de379139a1c147a730638552851518562431ee09254ac2c50961fb1a8ee70b8
-
SHA512
29b4c6b3d38ae48fac2e98d4ad5daad42b242253b250136795b5c8aa4f74b27e42587173eabe4ed55457edf62ccf390f41f8bb7d45f5c3bce7bc14f6700713b4
-
SSDEEP
12288:Sbw1E6jD/89U2w2xzzmkl8cCKV0jOmZ8iuXcs+PIopox/f:aw1tD/QUp2xvmHcCw0j9KcpQe
Static task
static1
Behavioral task
behavioral1
Sample
3de379139a1c147a730638552851518562431ee09254ac2c50961fb1a8ee70b8.exe
Resource
win7-20231201-en
Behavioral task
behavioral2
Sample
3de379139a1c147a730638552851518562431ee09254ac2c50961fb1a8ee70b8.exe
Resource
win10v2004-20231130-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: server273.web-hosting.com
Port: 587
Username: [email protected]
Password: u+02zTxG@m]H
Email To: [email protected]
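Added example, not part of the sandbox report: a Python sketch that parses the extracted configuration above, correlates constructed Zeek-style dns.log and conn.log records so that any connection to an address the SMTP host resolved to, on the configured port, is flagged, and emits a Suricata DNS rule for the host. Only the host and port come from the report; the log records, the client addresses and the resolved address 203.0.113.10 are placeholders from the documentation ranges, and the redacted mailbox addresses are left as they appear on the page.

```python
"""Network-side detection of the SMTP exfiltration endpoint from the extracted
Agent Tesla config, run over constructed Zeek-style dns.log / conn.log records."""
import re

# Config values copied from the extracted configuration above; the mailbox
# addresses are redacted on the page and are left that way here.
EXTRACTED_CONFIG = """\
Protocol: smtp
Host: server273.web-hosting.com
Port: 587
Username: [email protected]
Password: u+02zTxG@m]H
Email To: [email protected]
"""

# Constructed sample logs, not from the sandbox run. 203.0.113.10 and the other
# addresses are placeholders from the documentation ranges, not real resolutions.
DNS_LOG = [
    {"ts": 1701600000.1, "id.orig_h": "10.0.0.5", "query": "server273.web-hosting.com",
     "answers": ["203.0.113.10"]},
    {"ts": 1701600001.0, "id.orig_h": "10.0.0.5", "query": "mail.example.org",
     "answers": ["198.51.100.25"]},
]
CONN_LOG = [
    {"ts": 1701600000.5, "uid": "C1", "id.orig_h": "10.0.0.5", "id.resp_h": "203.0.113.10",
     "id.resp_p": 587, "proto": "tcp", "service": "smtp"},
    {"ts": 1701600002.0, "uid": "C2", "id.orig_h": "10.0.0.5", "id.resp_h": "198.51.100.25",
     "id.resp_p": 587, "proto": "tcp", "service": "smtp"},
    {"ts": 1701600003.0, "uid": "C3", "id.orig_h": "10.0.0.7", "id.resp_h": "203.0.113.10",
     "id.resp_p": 443, "proto": "tcp", "service": "ssl"},
]

IPV4_RE = re.compile(r"\d{1,3}(\.\d{1,3}){3}")


def parse_config(text):
    """Turn the 'Key: value' lines of the extracted config into a dict."""
    cfg = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            cfg[key.strip().lower()] = value.strip()
    cfg["port"] = int(cfg["port"])
    return cfg


def resolve_c2_addresses(cfg, dns_log):
    """Collect every IPv4 answer observed for the configured SMTP host."""
    host = cfg["host"].lower().rstrip(".")
    addresses = set()
    for rec in dns_log:
        if rec.get("query", "").lower().rstrip(".") == host:
            addresses.update(a for a in rec.get("answers", []) if IPV4_RE.fullmatch(a))
    return addresses


def find_exfil_connections(cfg, dns_log, conn_log):
    """Return conn.log records that reach a resolved C2 address on the configured port.
    Matching on port alone would also catch legitimate submission traffic (C2 here),
    and matching on the address alone would catch unrelated services on that host (C3)."""
    c2 = resolve_c2_addresses(cfg, dns_log)
    return [rec for rec in conn_log
            if rec["id.resp_h"] in c2 and rec["id.resp_p"] == cfg["port"]]


def suricata_dns_rule(cfg, sid):
    """Emit a Suricata rule that alerts on any DNS query for the C2 host."""
    return (f'alert dns $HOME_NET any -> any any (msg:"Agent Tesla SMTP exfil host lookup"; '
            f'dns.query; content:"{cfg["host"]}"; nocase; '
            f'classtype:trojan-activity; sid:{sid}; rev:1;)')


if __name__ == "__main__":
    cfg = parse_config(EXTRACTED_CONFIG)
    for rec in find_exfil_connections(cfg, DNS_LOG, CONN_LOG):
        print(f'{rec["uid"]}: {rec["id.orig_h"]} -> {cfg["host"]} '
              f'({rec["id.resp_h"]}:{rec["id.resp_p"]})')
    print(suricata_dns_rule(cfg, 9000001))
```

The DNS-to-connection join matters because shared hosting names such as this one resolve to addresses that also serve unrelated sites: alerting on the hostname lookup (the Suricata rule) is the precise signal, and the conn.log match is then narrowed to the configured port.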
Targets
-
Target
3de379139a1c147a730638552851518562431ee09254ac2c50961fb1a8ee70b8
-
AgentTesla
Agent Tesla is a remote access tool (RAT) and credential stealer written in .NET (Visual Basic); the extracted configuration above shows this sample exfiltrating over SMTP.
-
Adds Run key to start application
Writes a value under the registry Run key so the payload is launched again at logon (persistence).
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
Rewriting the context of a thread in another (typically suspended) process is a common step in process hollowing and related injection techniques; it is how an unpacked payload is usually started inside a different process image.
-
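Added example, not from the report: host-side scoring over constructed Sysmon-style events (Event ID 13, registry value set; Event ID 22, DNS query) for the two behaviours above that leave log traces, a Run-key write whose value points into a user-writable directory and a DNS lookup of a public IP-echo service, plus a lookup of the SMTP host from the extracted config. SetThreadContext has no Sysmon event, so it is not covered. The event records, process IDs, paths and the list of IP-lookup domains are assumptions; the report names no specific lookup service.

```python
"""Score processes from constructed Sysmon-style events for the persistence and
external-IP-lookup behaviours listed in the report. The events are invented for
illustration; the C2 host is the one from the extracted config."""
import re
from collections import defaultdict

# Run and RunOnce values under HKLM or any user hive.
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.IGNORECASE)
# Locations a standard user can write to; legitimate autoruns rarely live here.
USER_WRITABLE_RE = re.compile(r"(\\AppData\\|\\Temp\\|\\Downloads\\|\\ProgramData\\)", re.IGNORECASE)
# Assumed list of public IP-echo services; the report does not say which one was used.
IP_LOOKUP_DOMAINS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com", "ipinfo.io", "ifconfig.me"}
C2_HOST = "server273.web-hosting.com"  # from the extracted configuration

# Constructed events: one infected process (pid 4120), one installer, one browser.
EVENTS = [
    {"EventID": 13, "ProcessId": 4120, "Image": "C:\\Users\\victim\\AppData\\Roaming\\winupd\\winupd.exe",
     "TargetObject": "HKU\\S-1-5-21-1000-2000-3000-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\winupd",
     "Details": "\"C:\\Users\\victim\\AppData\\Roaming\\winupd\\winupd.exe\""},
    {"EventID": 22, "ProcessId": 4120, "Image": "C:\\Users\\victim\\AppData\\Roaming\\winupd\\winupd.exe",
     "QueryName": "api.ipify.org"},
    {"EventID": 22, "ProcessId": 4120, "Image": "C:\\Users\\victim\\AppData\\Roaming\\winupd\\winupd.exe",
     "QueryName": C2_HOST},
    {"EventID": 13, "ProcessId": 980, "Image": "C:\\Program Files\\Vendor\\setup.exe",
     "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\VendorTray",
     "Details": "\"C:\\Program Files\\Vendor\\tray.exe\""},
    {"EventID": 22, "ProcessId": 2200, "Image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe",
     "QueryName": "ipinfo.io"},
]


def run_key_indicator(ev):
    """Weight a Run/RunOnce write: heavier when the target binary is in a user-writable path."""
    if ev.get("EventID") != 13 or not RUN_KEY_RE.search(ev.get("TargetObject", "")):
        return None
    if USER_WRITABLE_RE.search(ev.get("Details", "")):
        return ("run_key_user_writable", 2)
    return ("run_key", 1)  # installers do this legitimately, so it scores low on its own


def dns_indicator(ev):
    """Weight a DNS query: the C2 host is decisive, an IP-echo service is only supporting."""
    if ev.get("EventID") != 22:
        return None
    name = ev.get("QueryName", "").lower().rstrip(".")
    if name == C2_HOST:
        return ("c2_host_lookup", 3)
    if name in IP_LOOKUP_DOMAINS:
        return ("external_ip_lookup", 1)
    return None


def score_processes(events, threshold=3):
    """Aggregate indicator weights per ProcessId and keep those at or above threshold."""
    per_pid = defaultdict(lambda: {"image": None, "indicators": [], "score": 0})
    for ev in events:
        for ind in (run_key_indicator(ev), dns_indicator(ev)):
            if ind is None:
                continue
            entry = per_pid[ev["ProcessId"]]
            entry["image"] = ev.get("Image")
            entry["indicators"].append(ind[0])
            entry["score"] += ind[1]
    return {pid: e for pid, e in per_pid.items() if e["score"] >= threshold}


if __name__ == "__main__":
    for pid, entry in score_processes(EVENTS).items():
        print(f'pid {pid} {entry["image"]}: score {entry["score"]} {entry["indicators"]}')
```

The weights are deliberately asymmetric: a Run-key write or an IP-echo lookup on its own is common in benign software, so neither crosses the default threshold alone, whereas a lookup of the configured exfiltration host does.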