General
-
Target
2d9a0704386d3f8838cb40d5f22952c2708e98cb9e359e0c3e106b617c26de64
-
Size
633KB
-
Sample
231205-t9lxxacd9t
-
MD5
4d52ebbb40c58cabc7d4571855935d70
-
SHA1
1d81f8c7c90f0381f5d096efe6fb2926e598af5b
-
SHA256
2d9a0704386d3f8838cb40d5f22952c2708e98cb9e359e0c3e106b617c26de64
-
SHA512
8ba82655cc438ead48b15cd2ad34a7f66b65ab4af59f435965a6f5a42da169088a21fb8da87aad32b3bd4b02e3be6b4c787080bedf93f1e9358e0f7ce760b4d5
-
SSDEEP
12288:kJ45+po2Toa8W5FQlCJeazX9Cwjajn8OXdyPWJzPG3JHJACu1Y:kU+pJTo1W57J9tCwInv4J
Static task
static1
Behavioral task
behavioral1
Sample
2d9a0704386d3f8838cb40d5f22952c2708e98cb9e359e0c3e106b617c26de64.exe
Resource
win7-20231201-en
Behavioral task
behavioral2
Sample
2d9a0704386d3f8838cb40d5f22952c2708e98cb9e359e0c3e106b617c26de64.exe
Resource
win10v2004-20231130-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.enviman.pt - Port:
587 - Username:
[email protected] - Password:
art74rty., - Email To:
[email protected]
Targets
-
-
Target
2d9a0704386d3f8838cb40d5f22952c2708e98cb9e359e0c3e106b617c26de64
-
Size
633KB
-
MD5
4d52ebbb40c58cabc7d4571855935d70
-
SHA1
1d81f8c7c90f0381f5d096efe6fb2926e598af5b
-
SHA256
2d9a0704386d3f8838cb40d5f22952c2708e98cb9e359e0c3e106b617c26de64
-
SHA512
8ba82655cc438ead48b15cd2ad34a7f66b65ab4af59f435965a6f5a42da169088a21fb8da87aad32b3bd4b02e3be6b4c787080bedf93f1e9358e0f7ce760b4d5
-
SSDEEP
12288:kJ45+po2Toa8W5FQlCJeazX9Cwjajn8OXdyPWJzPG3JHJACu1Y:kU+pJTo1W57J9tCwInv4J
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-