General
-
Target
340d16854967a7c5d1b613d471f0b0c0ace3c88e26a38318b754df75a5638f33exe.exe
-
Size
812KB
-
Sample
231205-wntfzade9y
-
MD5
0eca1ff62f8625aa1c0489462855d6fe
-
SHA1
4d9e6bb1d05523c70ed92a94eeed74c034aa2086
-
SHA256
340d16854967a7c5d1b613d471f0b0c0ace3c88e26a38318b754df75a5638f33
-
SHA512
9a16d88734e085d538c94cf2e263c47cc93fdd6d006ed63677522658a6c57146d731ee8bc6414011b222bcb5a04800db14be96290beab865f4c03cb3d219ec3d
-
SSDEEP
12288:e3WDtW8G34/uK45+po2kCMe96riKpJlnbRL/m5UogjGD2JzxeHloX3lKX5JIr0:C34/up+pJkfriKPS5UoiGiByuX1KX
Static task
static1
Behavioral task
behavioral1
Sample
340d16854967a7c5d1b613d471f0b0c0ace3c88e26a38318b754df75a5638f33exe.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
340d16854967a7c5d1b613d471f0b0c0ace3c88e26a38318b754df75a5638f33exe.exe
Resource
win10v2004-20231127-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.lubdub.com - Port:
587 - Username:
[email protected] - Password:
J-y!2e_fWMH_XP8F_008 - Email To:
[email protected]
Extracted
Protocol: smtp- Host:
mail.lubdub.com - Port:
587 - Username:
[email protected] - Password:
J-y!2e_fWMH_XP8F_008
Targets
-
-
Target
340d16854967a7c5d1b613d471f0b0c0ace3c88e26a38318b754df75a5638f33exe.exe
-
Size
812KB
-
MD5
0eca1ff62f8625aa1c0489462855d6fe
-
SHA1
4d9e6bb1d05523c70ed92a94eeed74c034aa2086
-
SHA256
340d16854967a7c5d1b613d471f0b0c0ace3c88e26a38318b754df75a5638f33
-
SHA512
9a16d88734e085d538c94cf2e263c47cc93fdd6d006ed63677522658a6c57146d731ee8bc6414011b222bcb5a04800db14be96290beab865f4c03cb3d219ec3d
-
SSDEEP
12288:e3WDtW8G34/uK45+po2kCMe96riKpJlnbRL/m5UogjGD2JzxeHloX3lKX5JIr0:C34/up+pJkfriKPS5UoiGiByuX1KX
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-