General
Target: 1.exe
Size: 164KB
Sample: 231205-w1la5adh9t
MD5: e06b4b39fd3087fa167badf3017937e8
SHA1: bed9f297239520657f1d2902ad684fe2e080df31
SHA256: 0f1c8a3bfaeb3510d11c4ab58231de540a70732f38c50a7b5f528580e6409eb0
SHA512: 8b37a3d11f78e9356fbc84c96e7c7fe18105a0120ebd47f6369f4d32a063cc86106f1b640414e3d176b5768d812686de6c2bd83e46e78d264da502b0616cc40e
SSDEEP: 3072:p0A3u0hCfiEYtWa9LLkXCJZTJaDG2Me0:pxuTfiEYtAXC92
Static task: static1
Behavioral task: behavioral1 (Sample: 1.exe, Resource: win7-20231023-en)
Behavioral task: behavioral2 (Sample: 1.exe, Resource: win10v2004-20231127-en)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mailbuilderbuilder.com
Port: 587
Username: [email protected]
Password: Alluminio.1
Email To: [email protected]
Extracted
Protocol: smtp
Host: mailbuilderbuilder.com
Port: 587
Username: [email protected]
Password: Alluminio.1
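As an added example (not part of the report and not the malware's own code): the parser below turns the flattened "Key: value - Key: value" configuration block above into a dict, derives the base64 tokens an SMTP AUTH LOGIN exchange would carry for those credentials, and looks for them in a constructed client-side SMTP transcript. The "[email protected]" mailbox names are kept exactly as the report page rendered them; the transcript lines are constructed here, not captured from the sample.

```python
import base64
import re

# The extracted configuration exactly as the report page renders it.
# "[email protected]" is how the page shows the redacted mailbox names.
REPORT_CONFIG_TEXT = """\
Protocol: smtp- Host:
mailbuilderbuilder.com - Port:
587 - Username:
[email protected] - Password:
Alluminio.1 - Email To:
[email protected]
"""

# A field boundary is optional whitespace, a dash, optional whitespace, then a
# "Key:" or "Key Word:" label. The lookahead keeps the label in the next chunk
# and also copes with "smtp- Host:", where the page dropped the space before
# the dash.
_FIELD_SPLIT = re.compile(r"\s*-\s*(?=[A-Za-z][A-Za-z ]*:)")


def parse_extracted_config(text: str) -> dict:
    """Turn the flattened 'Key: value - Key: value' block into a dict.

    Keys are lowercased with spaces replaced by underscores
    ('Email To' -> 'email_to'); the port is converted to int.
    """
    cfg = {}
    for chunk in _FIELD_SPLIT.split(" ".join(text.split())):
        key, sep, value = chunk.partition(":")
        if not sep:
            continue
        cfg[key.strip().lower().replace(" ", "_")] = value.strip()
    if "port" in cfg:
        cfg["port"] = int(cfg["port"])
    return cfg


def auth_login_tokens(cfg: dict) -> tuple[str, str]:
    """Base64 tokens a client sends after 'AUTH LOGIN' for these credentials.

    AUTH LOGIN is a base64 wrapper, not encryption: on a session that never
    negotiates STARTTLS the tokens are visible in a capture; with STARTTLS
    only the host name and port remain usable as indicators.
    """
    user = base64.b64encode(cfg["username"].encode()).decode()
    password = base64.b64encode(cfg["password"].encode()).decode()
    return user, password


def find_credential_use(smtp_client_lines: list[str], cfg: dict) -> list[int]:
    """Indexes of transcript lines that carry the config's AUTH LOGIN tokens."""
    tokens = set(auth_login_tokens(cfg))
    return [i for i, line in enumerate(smtp_client_lines) if line.strip() in tokens]


# Constructed client side of an SMTP session (not a capture from the report),
# shaped like an AUTH LOGIN exchange against the extracted host on port 587.
CONSTRUCTED_SMTP_CLIENT_LINES = [
    "EHLO desktop",
    "AUTH LOGIN",
    base64.b64encode(b"[email protected]").decode(),  # username token
    "QWxsdW1pbmlvLjE=",                                # base64("Alluminio.1")
    "MAIL FROM:<[email protected]>",
]

if __name__ == "__main__":
    cfg = parse_extracted_config(REPORT_CONFIG_TEXT)
    print(cfg)
    print(auth_login_tokens(cfg))
    print(find_credential_use(CONSTRUCTED_SMTP_CLIENT_LINES, cfg))
```

Beyond the host name, the base64 password token is a cheap content indicator for outbound traffic to port 587 from the infected host when the session stays in clear text; if the client negotiates STARTTLS, fall back to matching the destination host and port.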
Targets
Target: 1.exe
Size: 164KB
MD5: e06b4b39fd3087fa167badf3017937e8
SHA1: bed9f297239520657f1d2902ad684fe2e080df31
SHA256: 0f1c8a3bfaeb3510d11c4ab58231de540a70732f38c50a7b5f528580e6409eb0
SHA512: 8b37a3d11f78e9356fbc84c96e7c7fe18105a0120ebd47f6369f4d32a063cc86106f1b640414e3d176b5768d812686de6c2bd83e46e78d264da502b0616cc40e
SSDEEP: 3072:p0A3u0hCfiEYtWa9LLkXCJZTJaDG2Me0:pxuTfiEYtAXC92
Score: 10/10
-
AgentTesla
Agent Tesla is a .NET-based information stealer and remote access tool (RAT); early builds were written in Visual Basic .NET. It harvests credentials, keystrokes and clipboard contents and exfiltrates them over SMTP, FTP, HTTP or Telegram; the configuration extracted from this sample uses SMTP.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
SetThreadContext called on a thread of another process is a hallmark of process hollowing: the loader starts a host executable suspended, writes its payload into that process, points the primary thread's context at the payload's entry point and resumes it. The call on its own is not conclusive, since debuggers use it as well; the surrounding CreateProcess (CREATE_SUSPENDED), write and ResumeThread sequence is what makes it suspicious.
-
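As an added example, not taken from the report: a small detector run over a constructed sandbox API-call trace. It flags the sequence that makes SetThreadContext suspicious (CreateProcess with CREATE_SUSPENDED, a write into the child, SetThreadContext, ResumeThread, all from one injector against one target process) and leaves a bare Get/SetThreadContext pair unflagged. The trace line format, the pids and the RegSvcs.exe host path are hypothetical choices for the example.

```python
import re
from collections import defaultdict

# Constructed sandbox API-call trace used as sample input; it is not output
# from the report above, and the host image paths are hypothetical.
# Format per line: "<seq> pid=<caller> api=<name> key=value ..."; calls that
# act on another process carry that process's pid as target_pid.
CONSTRUCTED_API_TRACE = r"""
1 pid=4100 api=CreateProcessW image=C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe flags=CREATE_SUSPENDED target_pid=5220
2 pid=4100 api=GetThreadContext target_pid=5220
3 pid=4100 api=NtUnmapViewOfSection target_pid=5220
4 pid=4100 api=VirtualAllocEx target_pid=5220 size=0x2a000 protect=PAGE_EXECUTE_READWRITE
5 pid=4100 api=WriteProcessMemory target_pid=5220 size=0x2a000
6 pid=4100 api=SetThreadContext target_pid=5220
7 pid=4100 api=ResumeThread target_pid=5220
8 pid=3000 api=CreateProcessW image=C:\Windows\System32\notepad.exe flags=0 target_pid=6100
9 pid=3000 api=GetThreadContext target_pid=6100
10 pid=3000 api=SetThreadContext target_pid=6100
11 pid=3000 api=ResumeThread target_pid=6100
"""

_LINE_RE = re.compile(r"^(?P<seq>\d+)\s+pid=(?P<pid>\d+)\s+api=(?P<api>\w+)(?P<rest>.*)$")
_KV_RE = re.compile(r"(\w+)=(\S+)")

# APIs that place attacker-controlled bytes in the target before its thread is
# redirected. NtMapViewOfSection covers the section-mapping variant.
WRITE_APIS = {"WriteProcessMemory", "NtWriteVirtualMemory", "NtMapViewOfSection"}


def parse_trace(text: str) -> list[dict]:
    """Parse trace lines into event dicts; lines that do not match are skipped."""
    events = []
    for raw in text.splitlines():
        m = _LINE_RE.match(raw.strip())
        if not m:
            continue
        ev = {"seq": int(m.group("seq")), "pid": int(m.group("pid")), "api": m.group("api")}
        ev.update(_KV_RE.findall(m.group("rest")))
        events.append(ev)
    return events


def detect_hollowing(events: list[dict]) -> list[dict]:
    """Flag (injector, target) pairs that show the hollowing sequence in order:
    CreateProcess* with CREATE_SUSPENDED -> write into target ->
    SetThreadContext -> ResumeThread. SetThreadContext alone is not enough;
    debuggers and some installers call it on processes they own."""
    by_pair = defaultdict(list)
    for ev in events:
        if "target_pid" in ev:
            by_pair[(ev["pid"], int(ev["target_pid"]))].append(ev)

    findings = []
    for (injector, target), evs in by_pair.items():
        stage, seqs, image = 0, [], None
        for ev in evs:
            api = ev["api"]
            if stage == 0 and api.startswith("CreateProcess") and "CREATE_SUSPENDED" in ev.get("flags", ""):
                image = ev.get("image")
                stage = 1
            elif stage == 1 and api in WRITE_APIS:
                stage = 2
            elif stage == 2 and api == "SetThreadContext":
                stage = 3
            elif stage == 3 and api == "ResumeThread":
                stage = 4
            else:
                continue  # event does not advance the state machine
            seqs.append(ev["seq"])
            if stage == 4:
                findings.append({"injector_pid": injector, "target_pid": target,
                                 "image": image, "seqs": seqs})
                break
    return findings


if __name__ == "__main__":
    for finding in detect_hollowing(parse_trace(CONSTRUCTED_API_TRACE)):
        print(finding)
```

The state machine is deliberately order-sensitive: a write that happens after SetThreadContext, or a resume with no preceding write, does not count, which keeps ordinary debugger activity (the pid 3000 events in the sample trace) out of the findings.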