General
-
Target
325b87e07c701b3d53533a07a60f6b50e806bef116c86b32bbc908f5bfc741a2
-
Size
172KB
-
Sample
231206-dw5j4aag45
-
MD5
a281182a30c69580923abd430f149a8b
-
SHA1
33a7d202e3b02b06875a30151c3936cc6c944f04
-
SHA256
325b87e07c701b3d53533a07a60f6b50e806bef116c86b32bbc908f5bfc741a2
-
SHA512
7eb2320bbbd1ea83f909756b8186eee59fefe00b3933ac1a4fcb4c1f9b356f17a997776a6e48d073a04250097004f113a9a6574710c69c041bf47e91b75f4345
-
SSDEEP
3072:nAR2tHycSs7HRXW4jekWDzsdpO5XcTio1xbWuciwVIsT/sIqYak5QBtfUDAyP:nAR2py878iizspOcvuucVVIxIq6QLfUD
Static task
static1
Behavioral task
behavioral1
Sample
325b87e07c701b3d53533a07a60f6b50e806bef116c86b32bbc908f5bfc741a2.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
325b87e07c701b3d53533a07a60f6b50e806bef116c86b32bbc908f5bfc741a2.exe
Resource
win10v2004-20231130-en
Malware Config
Extracted
Protocol: smtp- Host:
mail.etasimali.com - Port:
587 - Username:
[email protected] - Password:
RECRUTEMENT@2023
Extracted
agenttesla
Protocol: smtp- Host:
mail.etasimali.com - Port:
587 - Username:
[email protected] - Password:
RECRUTEMENT@2023 - Email To:
[email protected]
Targets
-
-
Target
325b87e07c701b3d53533a07a60f6b50e806bef116c86b32bbc908f5bfc741a2
-
Size
172KB
-
MD5
a281182a30c69580923abd430f149a8b
-
SHA1
33a7d202e3b02b06875a30151c3936cc6c944f04
-
SHA256
325b87e07c701b3d53533a07a60f6b50e806bef116c86b32bbc908f5bfc741a2
-
SHA512
7eb2320bbbd1ea83f909756b8186eee59fefe00b3933ac1a4fcb4c1f9b356f17a997776a6e48d073a04250097004f113a9a6574710c69c041bf47e91b75f4345
-
SSDEEP
3072:nAR2tHycSs7HRXW4jekWDzsdpO5XcTio1xbWuciwVIsT/sIqYak5QBtfUDAyP:nAR2py878iizspOcvuucVVIxIq6QLfUD
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-