General
- Target: 962f4765723a864922cbe7b67996faecd54a6eea02ec5f7e3368dcc6b0728576
- Size: 378KB
- Sample: 231205-v5brtadc8y
- MD5: 0fdfe2791dc1f3378b2f4722753dafeb
- SHA1: 9f4e4a990e6bee0744e51576d3f9dc3c96cb9dc6
- SHA256: 962f4765723a864922cbe7b67996faecd54a6eea02ec5f7e3368dcc6b0728576
- SHA512: 1f7fc277c1c22f1264085c0211c02b5ea79727622bf1422c5ceaa6b1678628f8d335f52dde4e0c27193201dcb008e8a7cbbed01d5c9d4719c838d9a8642acd01
- SSDEEP: 6144:FVHsE6p7umpYGzXYQUebLrOrIw4xNGYfqxOH+oaIviPHc+k3iIecCb:FVHslamp3XYQX3Ol0QQH+/Iqpk2
Static task
- static1

Behavioral task
- behavioral1
- Sample: 962f4765723a864922cbe7b67996faecd54a6eea02ec5f7e3368dcc6b0728576.exe
- Resource: win7-20231020-en

Behavioral task
- behavioral2
- Sample: 962f4765723a864922cbe7b67996faecd54a6eea02ec5f7e3368dcc6b0728576.exe
- Resource: win10v2004-20231127-en
Malware Config
Extracted
- Family: agenttesla
- Protocol: smtp
- Host: server1.sqsendy.shop
- Port: 587
- Username: [email protected]
- Password: 4B&)2?E3_!2K
- Email To: [email protected]
Targets
- Target: 962f4765723a864922cbe7b67996faecd54a6eea02ec5f7e3368dcc6b0728576
- Size: 378KB
- MD5: 0fdfe2791dc1f3378b2f4722753dafeb
- SHA1: 9f4e4a990e6bee0744e51576d3f9dc3c96cb9dc6
- SHA256: 962f4765723a864922cbe7b67996faecd54a6eea02ec5f7e3368dcc6b0728576
- SHA512: 1f7fc277c1c22f1264085c0211c02b5ea79727622bf1422c5ceaa6b1678628f8d335f52dde4e0c27193201dcb008e8a7cbbed01d5c9d4719c838d9a8642acd01
- SSDEEP: 6144:FVHsE6p7umpYGzXYQUebLrOrIw4xNGYfqxOH+oaIviPHc+k3iIecCb:FVHslamp3XYQX3Ol0QQH+/Iqpk2
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext