General
Target: Doc 20230512.exe
Size: 695KB
Sample: 231205-jy3q6sac79
MD5: c891275650f4cfc017f91d1132b15b34
SHA1: 2ba052377e2df3d036e7f8d80a88ced4dedbc5b9
SHA256: 5bb7ca6a83079f79045f0fa552b1df5b003f01e6f348e6f5da91793c660647e6
SHA512: ef9f5a348c399d3f9091b1ad9368f8940862b89f1af8c9591ba7d788d47044682a28cbdeddd46678f0819afef0a40e0b23179a3f80fe673e2b6cdfe2c43dd16e
SSDEEP: 12288:Xnl5nF80iHjbxEsoZZ+kwV9/Qaf2GVBSmr0QpG1zBjGHdbR04dqrlbm:3lKlEsnvonGz0Qp64kHhbm
Static task: static1
Behavioral task: behavioral1 (Sample: Doc 20230512.exe; Resource: win7-20231020-en)
Behavioral task: behavioral2 (Sample: Doc 20230512.exe; Resource: win10v2004-20231127-en)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: sg3plcpnl0195.prod.sin3.secureserver.net
Port: 587
Username: [email protected]
Password: V#[email protected]&Qo!
Email To: [email protected]
Extracted
Protocol: smtp
Host: sg3plcpnl0195.prod.sin3.secureserver.net
Port: 587
Username: [email protected]
Password: V#[email protected]&Qo!
Targets
Target: Doc 20230512.exe
Size: 695KB
Hashes: MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General
Score: 10/10
AgentTesla
Agent Tesla is a .NET information stealer and remote access tool (RAT), originally written in Visual Basic .NET; it harvests credentials and keystrokes and exfiltrates them over SMTP, FTP or HTTP (here, the SMTP configuration extracted above).
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP, typically so the public address can be included in the exfiltrated report.
- Suspicious use of SetThreadContext: SetThreadContext is the API commonly used by process hollowing and thread hijacking to redirect a suspended thread to injected code, so its use by a document-named executable is a strong injection indicator.
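The extracted SMTP configuration and the IP-lookup signature above give a defender two network indicators. The following is an added example, not part of the sandbox report and not AgentTesla's own code: detection logic run over constructed connection-log lines. The exfil host and port come from the report; the list of IP-lookup services, the set of permitted internal mail relays, the log format and the log lines themselves are assumptions made for the example.

```python
"""Added example, not part of the sandbox report: detection logic for the
network behaviour the report attributes to this sample, run over constructed
connection-log lines.

Taken from the report:
  * SMTP submission (TCP/587) to the extracted AgentTesla mail host.
Assumptions (not in the report):
  * the external-IP lookup services (the report only says a legitimate IP
    lookup web service is used, without naming it),
  * the internal hosts allowed to submit mail outbound,
  * the simplified Zeek-style log format and the sample lines below.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Set

# From the report's extracted malware config.
C2_SMTP_HOST = "sg3plcpnl0195.prod.sin3.secureserver.net"
C2_SMTP_PORT = 587

# Assumed: well-known "what is my IP" services; the report does not name the one used.
IP_LOOKUP_HOSTS: Set[str] = {"api.ipify.org", "checkip.amazonaws.com", "icanhazip.com"}

# Assumed: the only internal host permitted to speak SMTP submission outbound.
MAIL_RELAYS: Set[str] = {"10.0.0.25"}

# Constructed sample log: "<ts> <src_ip> <dst_ip> <dst_port> <proto> <server_name>".
SAMPLE_LOG = """\
2023-12-05T09:51:02Z 10.0.0.17 104.16.1.1 443 tls api.ipify.org
2023-12-05T09:51:05Z 10.0.0.17 172.67.1.1 587 smtp sg3plcpnl0195.prod.sin3.secureserver.net
2023-12-05T09:52:10Z 10.0.0.25 172.67.1.1 587 smtp sg3plcpnl0195.prod.sin3.secureserver.net
2023-12-05T09:53:00Z 10.0.0.18 142.250.1.1 443 tls www.google.com
2023-12-05T09:54:00Z 10.0.0.19 203.0.113.5 587 smtp mail.example.net
"""

LOG_LINE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+(?P<dport>\d+)\s+(?P<proto>\S+)\s+(?P<name>\S+)$"
)


@dataclass(frozen=True)
class Alert:
    ts: str
    src: str
    kind: str    # "c2_smtp", "smtp_submission" or "ip_lookup"
    detail: str


def check_line(line: str) -> Optional[Alert]:
    """Return an Alert for one log line, or None if the line is unremarkable."""
    m = LOG_LINE.match(line.strip())
    if not m:
        return None
    src, name, dport = m["src"], m["name"].lower(), int(m["dport"])
    if name == C2_SMTP_HOST:
        # Any contact with the extracted exfiltration host is an IOC hit, relay or not.
        return Alert(m["ts"], src, "c2_smtp", f"SMTP to AgentTesla exfil host {name}:{dport}")
    if name in IP_LOOKUP_HOSTS:
        return Alert(m["ts"], src, "ip_lookup", f"external IP lookup via {name}")
    if dport == C2_SMTP_PORT and src not in MAIL_RELAYS:
        # Workstations normally do not submit mail directly; the relay does.
        return Alert(m["ts"], src, "smtp_submission", f"unexpected outbound SMTP submission to {name}")
    return None


def scan_log(text: str) -> List[Alert]:
    """Run check_line over every line of a log and keep the hits, in order."""
    return [a for a in (check_line(l) for l in text.splitlines()) if a is not None]


def correlate(alerts: List[Alert]) -> Set[str]:
    """Hosts that both looked up their external IP and spoke SMTP outbound:
    the sequence the report's signatures describe, so high confidence."""
    lookups = {a.src for a in alerts if a.kind == "ip_lookup"}
    mailers = {a.src for a in alerts if a.kind in ("c2_smtp", "smtp_submission")}
    return lookups & mailers


if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG)
    for a in found:
        print(f"{a.ts} {a.src} [{a.kind}] {a.detail}")
    print("high-confidence hosts:", sorted(correlate(found)))
```

On the constructed log the scan raises four alerts (one IP lookup, two contacts with the exfil host, one unexpected SMTP submission) and correlate() singles out 10.0.0.17 as the host that performed both steps. The relay's own contact with the exfil host still alerts, because the host name is an indicator regardless of who connects to it.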