General
Target: Confirmacaodeconta.exe
Size: 841KB
Sample: 231203-t3tzyada88
MD5: c0faf71f9d3d14e79bec6769860b564f
SHA1: 2f11711bf5b4aa115d160e022b14cd1e91570737
SHA256: 692469e7237af7cf1c4d4b9d7abcbd5064732f6318ed91c21bd11e8f8adce3c4
SHA512: 63b1c4c1767fd23f18fb06f86bdd885861dfb63359cc890fe0b9aabbab67189400d676d325bddbdbb48010ca8650fdb83fe81656c07eb65dd8f0c55e2ca38764
SSDEEP: 24576:IyT/7fbYvQed+5d5o57m9KuDa/MFEbma:IyTjfbYvk5/o57mk0wma
Static task: static1
Behavioral task: behavioral1
Sample: Confirmacaodeconta.exe
Resource: win7-20231201-en
Behavioral task: behavioral2
Sample: Confirmacaodeconta.exe
Resource: win10v2004-20231130-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.hsbv1.nl
Port: 587
Username: [email protected]
Password: xdDPyH(8
Email To: [email protected]
Targets
Target: Confirmacaodeconta.exe (841KB; hashes as listed under General)
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext