General

Target: SecuriteInfo.com.W32.MSIL_Agent.FPI.gen.Eldorado.25932.5738.exe
Size: 52.0MB
Sample: 231205-vv5bdadf32
MD5: a9ffd92b461bb4f4ba3240c55a421977
SHA1: a9b070ae224d60eab0295f76f49bb29634ce4273
SHA256: d6eb6140e39e769a10efeb521eb6b6f6156cab370427af8de5dcd88c3cfeb63d
SHA512: f74a8867f843bc0429b2da01e238c9a96afa055a2d3fcf776ea00ecb2c5b1dd30b3f3f09434d6540e790ddb2238d86a104d873efffd24e466d2dce60b395b435
SSDEEP: 12288:9B5nF8pREGHTbgSyLUYqofJNDSedQEgjoft9uAzLo9dIcOIfuOJ:bmgSy0uDSejQSt9/SdIKZJ
Static task: static1

Behavioral task: behavioral1
  Sample: SecuriteInfo.com.W32.MSIL_Agent.FPI.gen.Eldorado.25932.5738.exe
  Resource: win7-20231023-en

Behavioral task: behavioral2
  Sample: SecuriteInfo.com.W32.MSIL_Agent.FPI.gen.Eldorado.25932.5738.exe
  Resource: win10v2004-20231130-en
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: mail.flecon.com.sg
Port: 587
Username: [email protected]
Password: 8CJN6A87XUIU
Email To: [email protected]
Targets

Target: SecuriteInfo.com.W32.MSIL_Agent.FPI.gen.Eldorado.25932.5738.exe
Size: 52.0MB
MD5: a9ffd92b461bb4f4ba3240c55a421977
SHA1: a9b070ae224d60eab0295f76f49bb29634ce4273
SHA256: d6eb6140e39e769a10efeb521eb6b6f6156cab370427af8de5dcd88c3cfeb63d
SHA512: f74a8867f843bc0429b2da01e238c9a96afa055a2d3fcf776ea00ecb2c5b1dd30b3f3f09434d6540e790ddb2238d86a104d873efffd24e466d2dce60b395b435
SSDEEP: 12288:9B5nF8pREGHTbgSyLUYqofJNDSedQEgjoft9uAzLo9dIcOIfuOJ:bmgSy0uDSejQSt9/SdIKZJ
Score: 10/10

AgentTesla
Agent Tesla is a remote access tool (RAT) and credential stealer written in .NET; the MSIL detection name of this sample is consistent with that. The extracted config above shows it exfiltrating over SMTP submission (port 587) to mail.flecon.com.sg using hard-coded mailbox credentials.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP. Agent Tesla includes the victim's external IP in the data it reports, so this lookup normally precedes the first exfiltration attempt.

Suspicious use of SetThreadContext
SetThreadContext on a suspended thread is the usual final step of process hollowing: the entry point of a legitimately launched process is redirected into an injected payload before the thread is resumed.
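The two network behaviours above (IP lookup, then SMTP to the configured exfil host on 587) are more useful together than alone, because browsers query IP-lookup sites and mail clients use port 587 legitimately. The following is an added example, not part of the sandbox report: a small correlation over per-process connection records that flags a process only when it does both within a short window. The log format, the log lines and the list of IP-lookup services are constructed for the example; the report does not name the lookup service this sample used. The exfil host and port are the ones from the extracted config.

```python
"""Correlate the IP-lookup and SMTP-exfil behaviours listed for this sample.
Added example; the connection-log format and sample lines are constructed."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Indicators taken from the extracted Agent Tesla config.
EXFIL_HOST = "mail.flecon.com.sg"
EXFIL_PORT = 587

# Illustrative IP-lookup services (assumption: the report does not say which one was used).
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "ip-api.com", "icanhazip.com"}

# Constructed log format: "<ISO timestamp> pid=<n> image=<path> dst=<host>:<port>"
LINE_RE = re.compile(r"^(\S+) pid=(\d+) image=(.+?) dst=(\S+):(\d+)$")


@dataclass
class NetEvent:
    ts: datetime
    pid: int
    image: str
    dst_host: str
    dst_port: int


def parse_log(text):
    """Parse constructed connection-log lines into NetEvent records."""
    events = []
    for line in text.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not match the expected format
        ts, pid, image, host, port = m.groups()
        events.append(NetEvent(datetime.fromisoformat(ts), int(pid), image, host, int(port)))
    return events


def find_exfil_chains(events, window=timedelta(minutes=5)):
    """Return one hit per process that queried an IP-lookup service and then,
    within `window`, opened SMTP (587) to the configured exfil host.
    Either behaviour alone is not flagged."""
    by_pid = {}
    for e in sorted(events, key=lambda e: e.ts):
        by_pid.setdefault(e.pid, []).append(e)
    hits = []
    for pid, evs in by_pid.items():
        lookups = [e for e in evs if e.dst_host in IP_LOOKUP_HOSTS]
        smtps = [e for e in evs if e.dst_host == EXFIL_HOST and e.dst_port == EXFIL_PORT]
        for lookup in lookups:
            later = [s for s in smtps if lookup.ts <= s.ts <= lookup.ts + window]
            if later:
                hits.append({"pid": pid, "image": lookup.image,
                             "lookup_ts": lookup.ts, "smtp_ts": later[0].ts})
                break  # one alert per process is enough
    return hits


# Constructed sample log: the malware (pid 4120) does lookup then SMTP; Outlook
# uses 587 to a different host; Firefox only performs the lookup.
SAMPLE_LOG = r"""
2023-12-05T17:21:03 pid=4120 image=C:\Users\user\AppData\Local\Temp\sample.exe dst=api.ipify.org:443
2023-12-05T17:21:04 pid=4120 image=C:\Users\user\AppData\Local\Temp\sample.exe dst=mail.flecon.com.sg:587
2023-12-05T17:22:10 pid=2210 image=C:\Program Files\Microsoft Office\OUTLOOK.EXE dst=smtp.office365.com:587
2023-12-05T17:25:00 pid=3008 image=C:\Program Files\Mozilla Firefox\firefox.exe dst=api.ipify.org:443
"""

if __name__ == "__main__":
    for hit in find_exfil_chains(parse_log(SAMPLE_LOG)):
        print(f"pid {hit['pid']} ({hit['image']}): IP lookup at {hit['lookup_ts']}, "
              f"SMTP to {EXFIL_HOST}:{EXFIL_PORT} at {hit['smtp_ts']}")
```

Running it on the constructed log reports only pid 4120; the Outlook and Firefox records are each a single half of the pattern and stay quiet. In a real deployment the same logic would read Sysmon event ID 3 or proxy/firewall records, and the exfil host and port would come from the config extracted for each sample rather than being hard-coded.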