General

Target: 55333ccf924e391b2c042b45ce6fe1d7293d7b4fd287f7f3621a8d5247238bae
Size: 702KB
Sample: 231206-d48lqaah39
MD5: f87399530de4ad4f35a5b4e171b073be
SHA1: 20043466363a943c2d260c56a52a0c8f66db9e7f
SHA256: 55333ccf924e391b2c042b45ce6fe1d7293d7b4fd287f7f3621a8d5247238bae
SHA512: ae92f95178ec9acd52b3c75f0cc01bce454d88ae25560a0c3221e51da076c00f140ed324ad8a90f5612d5115251ea78190e4036bacfee0773169e9f7fd2fef23
SSDEEP: 12288:+7l5nF83YtMiNILH0lBEz7vWQSvTZb0nRvn09MYELU2k3ujojoI4UJgucZ4lz4dU:+lEYOiNHlBEz7vWxvynxn90CM8IHr04j
Static task: static1

Behavioral task: behavioral1
  Sample: 55333ccf924e391b2c042b45ce6fe1d7293d7b4fd287f7f3621a8d5247238bae.exe
  Resource: win7-20231129-en

Behavioral task: behavioral2
  Sample: 55333ccf924e391b2c042b45ce6fe1d7293d7b4fd287f7f3621a8d5247238bae.exe
  Resource: win10v2004-20231127-en
Malware Config

Extracted: agenttesla
  Protocol: smtp
  Host: mail.officeemailbackup.com
  Port: 587
  Username: [email protected]
  Password: nqSvd}lzdUt1
  Email To: [email protected]

Extracted
  Protocol: smtp
  Host: mail.officeemailbackup.com
  Port: 587
  Username: [email protected]
  Password: nqSvd}lzdUt1
Targets

Target: 55333ccf924e391b2c042b45ce6fe1d7293d7b4fd287f7f3621a8d5247238bae
Score: 10/10

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext