General
-
Target
7eca2ea7a4a3277614817211bf5b148091b5a33f9d089d125d36ef973c512227
-
Size
826KB
-
Sample
231206-b4dp8shh78
-
MD5
f4da6df69533333b2c6fb4eadcc45793
-
SHA1
3d73f3f8c3952e68840e3c658c47d919fb7733db
-
SHA256
7eca2ea7a4a3277614817211bf5b148091b5a33f9d089d125d36ef973c512227
-
SHA512
f8f1bd284e02c89ecd6f411b27262d94c7be67a1c08daedda837d4880d68c9d8ea4ad765d56e6654319393b59641ac426b25623c47f753ea079f79d16026b601
-
SSDEEP
24576:XMd8+VRO+Zd8ZaKCX+OYW3nCcGYfpBhtD/:PyJqZaKQRYW3+Y3
Static task
static1
Behavioral task
behavioral1
Sample
7eca2ea7a4a3277614817211bf5b148091b5a33f9d089d125d36ef973c512227.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
7eca2ea7a4a3277614817211bf5b148091b5a33f9d089d125d36ef973c512227.exe
Resource
win10v2004-20231130-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
[email protected] - Password:
Brillium360@@ - Email To:
[email protected]
Targets
-
-
Target
7eca2ea7a4a3277614817211bf5b148091b5a33f9d089d125d36ef973c512227
-
Size
826KB
-
MD5
f4da6df69533333b2c6fb4eadcc45793
-
SHA1
3d73f3f8c3952e68840e3c658c47d919fb7733db
-
SHA256
7eca2ea7a4a3277614817211bf5b148091b5a33f9d089d125d36ef973c512227
-
SHA512
f8f1bd284e02c89ecd6f411b27262d94c7be67a1c08daedda837d4880d68c9d8ea4ad765d56e6654319393b59641ac426b25623c47f753ea079f79d16026b601
-
SSDEEP
24576:XMd8+VRO+Zd8ZaKCX+OYW3nCcGYfpBhtD/:PyJqZaKQRYW3+Y3
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-