General
- Target: 922e195fa678774b165a2de211e400d2886bf06ee62c1eb372c58d364862bae9
- Size: 1.8MB
- Sample: 231204-b21rzsgd79
- MD5: 37743628366e7f9f8f440feed89800c2
- SHA1: daa05f2e44fef51f018385d7bcc040e01af87206
- SHA256: 922e195fa678774b165a2de211e400d2886bf06ee62c1eb372c58d364862bae9
- SHA512: e7aa8f10363798cdeba7a2134feee9b6c2e23f6a2ab17af41ce2ad517e48181834d93111cf320446b7ef2638b46753e64688b974b271509ab4157dc9c635af31
- SSDEEP: 49152:zQKs42G2MO+OwfBP9dl9A1BE+xdZLh8yBhKd/:/l9AjRBwd/
Static task: static1
Behavioral task: behavioral1
- Sample: 922e195fa678774b165a2de211e400d2886bf06ee62c1eb372c58d364862bae9.exe
- Resource: win7-20231129-en
Behavioral task: behavioral2
- Sample: 922e195fa678774b165a2de211e400d2886bf06ee62c1eb372c58d364862bae9.exe
- Resource: win10v2004-20231130-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: server1.sqsendy.shop
- Port: 587
- Username: [email protected]
- Password: {f];qthoiBBW
- Email To: [email protected]
Targets
- Target: 922e195fa678774b165a2de211e400d2886bf06ee62c1eb372c58d364862bae9
- Size: 1.8MB
- MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the values listed under General
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext