General
-
Target
fca3ca2242639018d3b6515b8ea383940af8691a8a966bfdf906f530f504f495
-
Size
919KB
-
Sample
231205-daxblahc26
-
MD5
e075ff2d74651f6c29a033f482bfb07a
-
SHA1
5858271a44b3b02e76cd412a94738c01bac80da1
-
SHA256
fca3ca2242639018d3b6515b8ea383940af8691a8a966bfdf906f530f504f495
-
SHA512
77b9131fc71c04b1477f4a64b1e749936cedf2be1a6bf6ed4d517b7eabf819c777b4438e7d522bd98336ee3a267fbc7bce528bd21b105cecc67328c691c517f6
-
SSDEEP
12288:gPn56cqtW8G34/uK45+po2u/1GKHfN3nWID7laFJAD5/s5cG/c6PIrVxztQT4cmr:M5R34/up+pJy1GKwI/IJE5YjgrVxV
Static task
static1
Behavioral task
behavioral1
Sample
fca3ca2242639018d3b6515b8ea383940af8691a8a966bfdf906f530f504f495.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
fca3ca2242639018d3b6515b8ea383940af8691a8a966bfdf906f530f504f495.exe
Resource
win10v2004-20231130-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.europeanhome.vn - Port:
587 - Username:
[email protected] - Password:
Changchang137 - Email To:
[email protected]
Targets
-
-
Target
fca3ca2242639018d3b6515b8ea383940af8691a8a966bfdf906f530f504f495
-
Size
919KB
-
MD5
e075ff2d74651f6c29a033f482bfb07a
-
SHA1
5858271a44b3b02e76cd412a94738c01bac80da1
-
SHA256
fca3ca2242639018d3b6515b8ea383940af8691a8a966bfdf906f530f504f495
-
SHA512
77b9131fc71c04b1477f4a64b1e749936cedf2be1a6bf6ed4d517b7eabf819c777b4438e7d522bd98336ee3a267fbc7bce528bd21b105cecc67328c691c517f6
-
SSDEEP
12288:gPn56cqtW8G34/uK45+po2u/1GKHfN3nWID7laFJAD5/s5cG/c6PIrVxztQT4cmr:M5R34/up+pJy1GKwI/IJE5YjgrVxV
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-