General
- Target: 6fcecfa549267bc93d3e1171a20d85f6f52b5350234e7a876ac37a21235058fb
- Size: 589KB
- Sample: 231206-cr1vnsac26
- MD5: 78c5bac4dfa513cf39fb0d44435017f3
- SHA1: 7bd2cca71ec164a85a10fb849591b438ff54712d
- SHA256: 6fcecfa549267bc93d3e1171a20d85f6f52b5350234e7a876ac37a21235058fb
- SHA512: d68c38301bae5b03346c45ef361ffc709a8762befa979688a609660f0ce881d36157a9a839092114ee2c5179c5bd0387a384e78ae57cbf3ac424c58acdf6a33e
- SSDEEP: 12288:qxPgUr7QA+SRIHj5TCkvibt3oXuWtTrzKD:KxASA97vk4+WprWD
Static task: static1
Behavioral task: behavioral1
- Sample: 6fcecfa549267bc93d3e1171a20d85f6f52b5350234e7a876ac37a21235058fb.exe
- Resource: win7-20231020-en
Behavioral task: behavioral2
- Sample: 6fcecfa549267bc93d3e1171a20d85f6f52b5350234e7a876ac37a21235058fb.exe
- Resource: win10v2004-20231127-en
Malware Config
Extracted
- Protocol: smtp
- Host: premium185.web-hosting.com
- Port: 587
- Username: [email protected]
- Password: cooldown2013
Targets
- Target: 6fcecfa549267bc93d3e1171a20d85f6f52b5350234e7a876ac37a21235058fb
- Size: 589KB
- MD5: 78c5bac4dfa513cf39fb0d44435017f3
- SHA1: 7bd2cca71ec164a85a10fb849591b438ff54712d
- SHA256: 6fcecfa549267bc93d3e1171a20d85f6f52b5350234e7a876ac37a21235058fb
- SHA512: d68c38301bae5b03346c45ef361ffc709a8762befa979688a609660f0ce881d36157a9a839092114ee2c5179c5bd0387a384e78ae57cbf3ac424c58acdf6a33e
- SSDEEP: 12288:qxPgUr7QA+SRIHj5TCkvibt3oXuWtTrzKD:KxASA97vk4+WprWD
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext