General
-
Target
BL copy.zip
-
Size
690KB
-
Sample
231205-j2mt5aaa3w
-
MD5
18eb11b7d5bcd114e1f4232322148107
-
SHA1
74368632616c09542a2d9d52576d649a5006ef45
-
SHA256
cfcaa86b82ccc8a8f2ba738e1411862316c945de73d22ccc72bbce99b8aa192c
-
SHA512
6945a2595e544582b67f6f9d188ef1c0ddec1ba10eb3a6eedbcb2ec1ef4d23c863fa2802e434a447b79f28ac0fc3a2627d0952a6c59ce7774d532879e6106f52
-
SSDEEP
12288:pGA9i03rrTNY/NfSLGyj30kNUjJ88976Mc1+w5WNc1pHJ1hbsYPq:pM03rPNFLGkNmC899frNoppbi
Static task
static1
Behavioral task
behavioral1
Sample
ccc.exe
Resource
win7-20231201-en
Behavioral task
behavioral2
Sample
ccc.exe
Resource
win10v2004-20231130-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.acestar.com.ph
Port: 587
Username: [email protected]
Password: cssubic@12345
Email To: [email protected]
Targets
-
Target
ccc.exe
-
Size
800KB
-
MD5
356dc248b383e7fcb2af3b499522ec55
-
SHA1
9853c898464b54803e4774ecb6d6e5f8f74c59eb
-
SHA256
7f5c8c23a60ac9447e6c8b2ed0ee40b1cdde28e95ace22c15dac79ae7ac6da0d
-
SHA512
8a417ffba7103c979842f5c539b9e942272dd73899bcd8bb5456a328848d1beab19f72761ebbeb404dafbd625b324ee8b94ab81762b8b1466bf46e4ff6ca9d74
-
SSDEEP
12288:GxdKE6jD/62iNG5nF8fTLGOj30sN8vJ8S976Yc1Cp9gpwu1VWO36NLzXIfmnBGY:GzKtD/61ISTL0sNkCS9D/Y71VUTMm
Score 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-