General
Target: 2BD9D64F0A291F17F1DB4D10DF0AC690508912E2720FADF24E7B33D11FFEF781
Size: 807KB
Sample: 231206-epynmsbb27
MD5: f3e5f3fb41efb48631fa8e489e577376
SHA1: f41d3f093d035645d6a56cf684c6458c14d7bbbe
SHA256: 2bd9d64f0a291f17f1db4d10df0ac690508912e2720fadf24e7b33d11ffef781
SHA512: f799f4c771b43c9ae0a2bb8e923acc35e32c5189c946ed312fc4029cd1ec84adeafe592750d964d408fdc7d25be0e7a9ae10198d054858ae9468bb0d734397d4
SSDEEP: 12288:RzZCBBW0iMbWtgXTqgIlF2Oyw41MzPlIBTxealH6hPCayOiWQXHCba9rDEwYURV:REXW0i9WTDIlOwBEMuICZO43vBKG
Static task: static1
Behavioral task: behavioral1
  Sample: R7275-12112023.exe
  Resource: win7-20231020-en
Behavioral task: behavioral2
  Sample: R7275-12112023.exe
  Resource: win10v2004-20231201-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.printforyou.pl
Port: 587
Username: [email protected]
Password: Maciekmaciek2016!@@
Email To: [email protected]
Targets
Target: R7275-12112023.exe
Size: 1.1MB
MD5: cbdcf99f5255ed189e1135067b2e64e0
SHA1: fb18f5f1a346db21f062d8b88893bc428fc472e7
SHA256: 1d7b401ea7bf4f36433e63335d35807a419d1c1fc2c3f1ef1702898713e11757
SHA512: 691c25339317be4e73df957dd859c5904607ae5dae3cbc5a702705fe924944c83e4433b61d77d2c1708c2f253b33276706a992b848620ece0b2bd5d31476d90c
SSDEEP: 24576:rclEznOqRtyOuiNRh5XYaNjetr6XgE+qlHb8f9K:UEznOaNRh5XYaNjet2XpFJ8fk
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext