General
-
Target
5f010877aa2a19af0395aa9faa351df8d2c13ab68b61063e34edfe17c2d75a0fexe.exe
-
Size
638KB
-
Sample
231207-yc45fafa35
-
MD5
10477de164af2dd3f724c2ae1a24a98b
-
SHA1
499746a12043721b7e08985087b54ee23f7f8903
-
SHA256
5f010877aa2a19af0395aa9faa351df8d2c13ab68b61063e34edfe17c2d75a0f
-
SHA512
1fb8a8a14f340103b9547ff65896b36f0e25678a25fc99775ceff25da56227fc7553c6f2f54587e28ef274e10f10048b194021494bea5673a764ef8db3215193
-
SSDEEP
12288:6wWQaueH5qUhZXrkvoaY2CCuRnfyyc2oSSJRF5vnmlGNvuHk1Ctd37Duhy:6w6qUhEoTRVRfncHSqFJgGNPoz
Static task
static1
Behavioral task
behavioral1
Sample
5f010877aa2a19af0395aa9faa351df8d2c13ab68b61063e34edfe17c2d75a0fexe.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
5f010877aa2a19af0395aa9faa351df8d2c13ab68b61063e34edfe17c2d75a0fexe.exe
Resource
win10v2004-20231130-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
nl10.nlkoddos.com - Port:
587 - Username:
[email protected] - Password:
k[yH!8Z$AE;d - Email To:
[email protected]
Extracted
Protocol: smtp- Host:
nl10.nlkoddos.com - Port:
587 - Username:
[email protected] - Password:
k[yH!8Z$AE;d
Targets
-
-
Target
5f010877aa2a19af0395aa9faa351df8d2c13ab68b61063e34edfe17c2d75a0fexe.exe
-
Size
638KB
-
MD5
10477de164af2dd3f724c2ae1a24a98b
-
SHA1
499746a12043721b7e08985087b54ee23f7f8903
-
SHA256
5f010877aa2a19af0395aa9faa351df8d2c13ab68b61063e34edfe17c2d75a0f
-
SHA512
1fb8a8a14f340103b9547ff65896b36f0e25678a25fc99775ceff25da56227fc7553c6f2f54587e28ef274e10f10048b194021494bea5673a764ef8db3215193
-
SSDEEP
12288:6wWQaueH5qUhZXrkvoaY2CCuRnfyyc2oSSJRF5vnmlGNvuHk1Ctd37Duhy:6w6qUhEoTRVRfncHSqFJgGNPoz
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-