General
Target: 2688511cebff014631fbf81c7dc6935268692a73caaa3dc7b0ff13639eb46106
Size: 686KB
Sample: 231205-v27ebadg64
MD5: 84700bb79e9e57bbb123cbe7fb07617a
SHA1: 40b7b26c4b8373263caafe09cb96f715b64dcde4
SHA256: 2688511cebff014631fbf81c7dc6935268692a73caaa3dc7b0ff13639eb46106
SHA512: 5230a0ca55d082a529bde4c7a2e4d687cab8906eb719e893eb54f6162d45ed0a9579d288e649557fa51a989cc18d583a25d82b98d88fc93d2cf24258af8c4df5
SSDEEP: 12288:7aew5JSFYpBxqY4fcWF0ynmTG6lXZiNtW5WMXh5JLGZbSKgH1B4IYXXKFaQ:7SpCY4fcWmynqlJj5z5JLGwKg74IYHKx
Static task: static1
Behavioral task: behavioral1
Sample: ccc.exe
Resource: win7-20231130-en
Behavioral task: behavioral2
Sample: ccc.exe
Resource: win10v2004-20231130-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.acestar.com.ph
Port: 587
Username: [email protected]
Password: cssubic@12345
Email To: [email protected]
Targets
Target: ccc.exe
Size: 800KB
MD5: 356dc248b383e7fcb2af3b499522ec55
SHA1: 9853c898464b54803e4774ecb6d6e5f8f74c59eb
SHA256: 7f5c8c23a60ac9447e6c8b2ed0ee40b1cdde28e95ace22c15dac79ae7ac6da0d
SHA512: 8a417ffba7103c979842f5c539b9e942272dd73899bcd8bb5456a328848d1beab19f72761ebbeb404dafbd625b324ee8b94ab81762b8b1466bf46e4ff6ca9d74
SSDEEP: 12288:GxdKE6jD/62iNG5nF8fTLGOj30sN8vJ8S976Yc1Cp9gpwu1VWO36NLzXIfmnBGY:GzKtD/61ISTL0sNkCS9D/Y71VUTMm
Score: 10/10
Signatures
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext