General
- Target: GTE 7000345678.exe
- Size: 559KB
- Sample: 231204-k6q8saab69
- MD5: 175656747a014cd0405388c8796f769d
- SHA1: 7f138da24c764f6d37b2d690df32481ba686d448
- SHA256: 140cd16c7087789b1bff95f27ef03eef85e37e34362f6676a8eaff268b7c693a
- SHA512: 1fe26f24918b2365c9735bbbab48248268fcfb25c9858df9912c34e15004a1e14117787386755cd40782671f33cdde704affa41c8f51a74956dff04b649a19cb
- SSDEEP: 12288:aS2dfQBQfYfliYNF95lWq5SoASsA6sB20XCI9:B2dfWXflnTjlWrU6420XT9
Static task: static1
Behavioral task: behavioral1
- Sample: GTE 7000345678.exe
- Resource: win7-20231023-en
Behavioral task: behavioral2
- Sample: GTE 7000345678.exe
- Resource: win10v2004-20231127-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.etasimali.com
- Port: 587
- Username: [email protected]
- Password: RECRUTEMENT@2023
- Email To: [email protected]
Targets
- Target: GTE 7000345678.exe
AgentTesla
- Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext