General
-
Target
c5e889c90e9ee1d2c1660d7b0613d4e505532bda0babb53ae6a907306d984830
-
Size
378KB
-
Sample
231205-vvgv3sde89
-
MD5
f17a3bf3a98cbf96fc6709a683d1e009
-
SHA1
4c4b3e8c96e509b8efa3c9c2a0b758b964a2d253
-
SHA256
c5e889c90e9ee1d2c1660d7b0613d4e505532bda0babb53ae6a907306d984830
-
SHA512
58d3b4364501d462a091f0161576783c14469d0ca4505ed482500fdcf6ad29eeac79a70f8ae350e2215adc6ec07b851c4396514e35ad48709e7b9a618a7863ff
-
SSDEEP
6144:AhPFA97fvpCDx/2yFb+uBIpjKLHBB0gJkLnaxRCVWFZgb:AtFA97HpCDx/TFTHPzxJq
Static task
static1
Behavioral task
behavioral1
Sample
c5e889c90e9ee1d2c1660d7b0613d4e505532bda0babb53ae6a907306d984830.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
c5e889c90e9ee1d2c1660d7b0613d4e505532bda0babb53ae6a907306d984830.exe
Resource
win10v2004-20231127-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
server1.sqsendy.shop - Port:
587 - Username:
[email protected] - Password:
(;1q-5*CoN.3 - Email To:
[email protected]
Extracted
Protocol: smtp- Host:
server1.sqsendy.shop - Port:
587 - Username:
[email protected] - Password:
(;1q-5*CoN.3
Targets
-
-
Target
c5e889c90e9ee1d2c1660d7b0613d4e505532bda0babb53ae6a907306d984830
-
Size
378KB
-
MD5
f17a3bf3a98cbf96fc6709a683d1e009
-
SHA1
4c4b3e8c96e509b8efa3c9c2a0b758b964a2d253
-
SHA256
c5e889c90e9ee1d2c1660d7b0613d4e505532bda0babb53ae6a907306d984830
-
SHA512
58d3b4364501d462a091f0161576783c14469d0ca4505ed482500fdcf6ad29eeac79a70f8ae350e2215adc6ec07b851c4396514e35ad48709e7b9a618a7863ff
-
SSDEEP
6144:AhPFA97fvpCDx/2yFb+uBIpjKLHBB0gJkLnaxRCVWFZgb:AtFA97HpCDx/TFTHPzxJq
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-