General
-
Target
9f2803110567135a2498da26df47f89c6aee074c02454a4dc7fbda445bca02f6
-
Size
1.2MB
-
Sample
231206-dehn1aae53
-
MD5
dc3629c689f780b0330d0f735744a963
-
SHA1
08bb20ee11c5e912a2b4d8e52400cf929c241696
-
SHA256
9f2803110567135a2498da26df47f89c6aee074c02454a4dc7fbda445bca02f6
-
SHA512
b406b51b5569aad5c891cdb3dcab68af66e87dc3efb0dc4751ab55d1e9bb6edb9b50e139a380dc23b7e1f1274ca4cc665ae9b45332e748c22a5cd49c9e57d29c
-
SSDEEP
12288:GA5nF8ME6jD/JtIZbg9wvaCZ7DJmplbk9Kp73U2w8IADhncWPh1CFhL4Olij:GAPtD/gZKaBDugo93PNDhncYh1CFhM
Static task
static1
Behavioral task
behavioral1
Sample
REMITTAN.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
REMITTAN.exe
Resource
win10v2004-20231127-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.etiketten.com.tr
Port: 587
Username: [email protected]
Password: Satis2022+*!
Email To: [email protected]
Extracted
Protocol: smtp
Host: mail.etiketten.com.tr
Port: 587
Username: [email protected]
Password: Satis2022+*!
Targets
-
-
Target
REMITTAN.EXE
-
Size
721KB
-
MD5
47a6a2b3592ad97d1d18a31b3090e414
-
SHA1
bdf8544c5480d2d1e4a13ad0e425e51e6fbe2194
-
SHA256
9558d70f5d111d3e310faf07b57bda48d03976a1eed6ed760d3bb42556bba30e
-
SHA512
591d78b9391b72377f1396c52dafa82964a2ae802e58575dc1fe76fbf072fca1f7bb9916251aadd8673b95604b5a58875c989d4f1c74f31bc0d845b2bbd00955
-
SSDEEP
12288:8A5nF8ME6jD/JtIZbg9wvaCZ7DJmplbk9Kp73U2w8IADhncWPh1CFhL4Olij:8APtD/gZKaBDugo93PNDhncYh1CFhM
Score 10/10
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-