General
-
Target
9313fe726df71a9a251ff4c7cbeacd9ddd6f187a747c4d3f25f93ecc070de738
-
Size
722KB
-
Sample
231206-c6sslsad76
-
MD5
e1b84cc702389fffaeecf94481e7158d
-
SHA1
3b0e8e30f939c27e1e367310a0574d095b49eb0a
-
SHA256
9313fe726df71a9a251ff4c7cbeacd9ddd6f187a747c4d3f25f93ecc070de738
-
SHA512
be04219495a6bf75c853ec530d298a4be1b6cbfe54e81cdcbe6286643f774325d86dd2a26da5fb6cac253cb7e9d534738660581f29e07d715caaa1a150f06c86
-
SSDEEP
12288:C/w5nF8ME6jD/L636xR123PtBojgkVC/pqCy+xeeODKnrWC8xxTlCRVW:CYPtD/KI123PbLEseF284VW
Static task
static1
Behavioral task
behavioral1
Sample
9313fe726df71a9a251ff4c7cbeacd9ddd6f187a747c4d3f25f93ecc070de738.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
9313fe726df71a9a251ff4c7cbeacd9ddd6f187a747c4d3f25f93ecc070de738.exe
Resource
win10v2004-20231127-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.trisquarespl.com - Port:
587 - Username:
[email protected] - Password:
vphYSHb*2 - Email To:
[email protected]
Targets
-
-
Target
9313fe726df71a9a251ff4c7cbeacd9ddd6f187a747c4d3f25f93ecc070de738
-
Size
722KB
-
MD5
e1b84cc702389fffaeecf94481e7158d
-
SHA1
3b0e8e30f939c27e1e367310a0574d095b49eb0a
-
SHA256
9313fe726df71a9a251ff4c7cbeacd9ddd6f187a747c4d3f25f93ecc070de738
-
SHA512
be04219495a6bf75c853ec530d298a4be1b6cbfe54e81cdcbe6286643f774325d86dd2a26da5fb6cac253cb7e9d534738660581f29e07d715caaa1a150f06c86
-
SSDEEP
12288:C/w5nF8ME6jD/L636xR123PtBojgkVC/pqCy+xeeODKnrWC8xxTlCRVW:CYPtD/KI123PbLEseF284VW
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-