General
Target: 7f83ce8d8a358060a86621e58e4feb4842613b257d2ad51f193cba4a1e2de36cexe.exe
Size: 636KB
Sample: 231207-x8swlsgb4z
MD5: 5ed94cc7fe7a91bd4ac32347864deec1
SHA1: 0e2f9c3959e309753ed8541447c9e0e4d15e3201
SHA256: 7f83ce8d8a358060a86621e58e4feb4842613b257d2ad51f193cba4a1e2de36c
SHA512: 9e3894c3c7e00902493b3dd063798dac8f1a61351f8486227b37b026f246572dced7613ace433b6a43baeb1dc4d6ab0d4f986231fdacb3b5632df67e6465fa18
SSDEEP: 12288:JRnQaueH5qnsO4AvEqNqMzaHTMM9HwjjJo1xFulwct1F7BU+9dZHzM83mYubTJZS:JRlqn37QjHv9qJyvulfdP9dZA8xa1gYp
Static task: static1

Behavioral task: behavioral1
  Sample: 7f83ce8d8a358060a86621e58e4feb4842613b257d2ad51f193cba4a1e2de36cexe.exe
  Resource: win7-20231129-en

Behavioral task: behavioral2
  Sample: 7f83ce8d8a358060a86621e58e4feb4842613b257d2ad51f193cba4a1e2de36cexe.exe
  Resource: win10v2004-20231130-en
Malware Config

Extracted: agenttesla
  Protocol: smtp
  Host: smtp.yandex.ru
  Port: 587
  Username: [email protected]
  Password: YAWALESS123@@kkk
  Email To: [email protected]

Extracted
  Protocol: smtp
  Host: smtp.yandex.ru
  Port: 587
  Username: [email protected]
  Password: YAWALESS123@@kkk
Targets

Target: 7f83ce8d8a358060a86621e58e4feb4842613b257d2ad51f193cba4a1e2de36cexe.exe
Size: 636KB
MD5: 5ed94cc7fe7a91bd4ac32347864deec1
SHA1: 0e2f9c3959e309753ed8541447c9e0e4d15e3201
SHA256: 7f83ce8d8a358060a86621e58e4feb4842613b257d2ad51f193cba4a1e2de36c
SHA512: 9e3894c3c7e00902493b3dd063798dac8f1a61351f8486227b37b026f246572dced7613ace433b6a43baeb1dc4d6ab0d4f986231fdacb3b5632df67e6465fa18
SSDEEP: 12288:JRnQaueH5qnsO4AvEqNqMzaHTMM9HwjjJo1xFulwct1F7BU+9dZHzM83mYubTJZS:JRlqn37QjHv9qJyvulfdP9dZA8xa1gYp
Score: 10/10

Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext