General
-
Target
ce2606e475087d78e07cc9a5f2d785d40251c54cb5f4229f92261e7350c159cf
-
Size
343KB
-
Sample
231206-bex3kshf64
-
MD5
0be6881a64fb4f7665935154a2b2348a
-
SHA1
d8351a2a753da651ec41ff34bd0942b96e54651e
-
SHA256
ce2606e475087d78e07cc9a5f2d785d40251c54cb5f4229f92261e7350c159cf
-
SHA512
82ba4a62711dfa793faaaceba3ea646db134b3f8d6d786a6a1fa22cce2d6b2e38d4b4f5fb60ae3d042efed2ccc38e47342651dc7202d7a3f19603a559ec77869
-
SSDEEP
6144:IrXuvpWh3YUvfIfxn+d8OqW5gSdyMYXKlYtzSLiV5MU1lxH8xWLSjqatC:SevpWhoQKo5n9WKlYtzSkTZ2j
Static task
static1
Behavioral task
behavioral1
Sample
ce2606e475087d78e07cc9a5f2d785d40251c54cb5f4229f92261e7350c159cf.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
ce2606e475087d78e07cc9a5f2d785d40251c54cb5f4229f92261e7350c159cf.exe
Resource
win10v2004-20231127-en
Malware Config
Extracted
Protocol: smtp- Host:
mail.marmoraria51.com.br - Port:
587 - Username:
[email protected] - Password:
m5132019838000113
Extracted
agenttesla
Protocol: smtp- Host:
mail.marmoraria51.com.br - Port:
587 - Username:
[email protected] - Password:
m5132019838000113 - Email To:
[email protected]
Targets
-
-
Target
ce2606e475087d78e07cc9a5f2d785d40251c54cb5f4229f92261e7350c159cf
-
Size
343KB
-
MD5
0be6881a64fb4f7665935154a2b2348a
-
SHA1
d8351a2a753da651ec41ff34bd0942b96e54651e
-
SHA256
ce2606e475087d78e07cc9a5f2d785d40251c54cb5f4229f92261e7350c159cf
-
SHA512
82ba4a62711dfa793faaaceba3ea646db134b3f8d6d786a6a1fa22cce2d6b2e38d4b4f5fb60ae3d042efed2ccc38e47342651dc7202d7a3f19603a559ec77869
-
SSDEEP
6144:IrXuvpWh3YUvfIfxn+d8OqW5gSdyMYXKlYtzSLiV5MU1lxH8xWLSjqatC:SevpWhoQKo5n9WKlYtzSkTZ2j
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-