General
-
Target
1f945d083df98f17a057c881fb022efcadcdc709a4fc1188b8cd3f91a6db17e2
-
Size
801KB
-
Sample
231206-dtxrgaaf77
-
MD5
fb28b56faaa0220b3dc1b57e2bb8f6af
-
SHA1
e4522a685dae0cce6062a01fff073552b6ef9c08
-
SHA256
1f945d083df98f17a057c881fb022efcadcdc709a4fc1188b8cd3f91a6db17e2
-
SHA512
fe46999ca65cb2cb54e4cc5639d5da0ef8be6daad0137a4eee1a7bb5db4287646bcb1d46951d43f7b7cc5228f639ba6e1cb15b660eda2ded71a1b36a1a420f15
-
SSDEEP
24576:JGKtD/61I6IK2IKUnCcqMLJjNRctimoE:P6K6IKdtLJBRuimo
Static task
static1
Behavioral task
behavioral1
Sample
1f945d083df98f17a057c881fb022efcadcdc709a4fc1188b8cd3f91a6db17e2.exe
Resource
win7-20231201-en
Behavioral task
behavioral2
Sample
1f945d083df98f17a057c881fb022efcadcdc709a4fc1188b8cd3f91a6db17e2.exe
Resource
win10v2004-20231127-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.etiketten.com.tr - Port:
587 - Username:
[email protected] - Password:
Satis2022+*! - Email To:
[email protected]
Extracted
Protocol: smtp- Host:
mail.etiketten.com.tr - Port:
587 - Username:
[email protected] - Password:
Satis2022+*!
Targets
-
-
Target
1f945d083df98f17a057c881fb022efcadcdc709a4fc1188b8cd3f91a6db17e2
-
Size
801KB
-
MD5
fb28b56faaa0220b3dc1b57e2bb8f6af
-
SHA1
e4522a685dae0cce6062a01fff073552b6ef9c08
-
SHA256
1f945d083df98f17a057c881fb022efcadcdc709a4fc1188b8cd3f91a6db17e2
-
SHA512
fe46999ca65cb2cb54e4cc5639d5da0ef8be6daad0137a4eee1a7bb5db4287646bcb1d46951d43f7b7cc5228f639ba6e1cb15b660eda2ded71a1b36a1a420f15
-
SSDEEP
24576:JGKtD/61I6IK2IKUnCcqMLJjNRctimoE:P6K6IKdtLJBRuimo
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-