General
-
Target
286a74a3334c854df367f5a885a38acb68a0a000526054ef8426d15779549474exe.exe
-
Size
694KB
-
Sample
231207-yg969agd6z
-
MD5
239046147b36ff4763db827c7f9b6dc6
-
SHA1
b21e17ce0b240f59d6681971071fb00952154a46
-
SHA256
286a74a3334c854df367f5a885a38acb68a0a000526054ef8426d15779549474
-
SHA512
de130ed39cd8f4c4294e1dea04d5019ec939b7bd82cef41b08dd248205c5394b5b7eb428ac2655be9d6486e7e237a7caf0542ff4ac4adf6442cfc4d6dc524c76
-
SSDEEP
12288:4ueH5qGEWapltx5Vr1rzKp8TOQqT8IM+WzgqmpcmSLXUd5M2:MqbXpltpBKwFqT82aRmqQ5M2
Static task
static1
Behavioral task
behavioral1
Sample
286a74a3334c854df367f5a885a38acb68a0a000526054ef8426d15779549474exe.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
286a74a3334c854df367f5a885a38acb68a0a000526054ef8426d15779549474exe.exe
Resource
win10v2004-20231127-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.yandex.ru - Port:
587 - Username:
[email protected] - Password:
YAWALESS123@@kkk - Email To:
[email protected]
Extracted
Protocol: smtp- Host:
smtp.yandex.ru - Port:
587 - Username:
[email protected] - Password:
YAWALESS123@@kkk
Targets
-
-
Target
286a74a3334c854df367f5a885a38acb68a0a000526054ef8426d15779549474exe.exe
-
Size
694KB
-
MD5
239046147b36ff4763db827c7f9b6dc6
-
SHA1
b21e17ce0b240f59d6681971071fb00952154a46
-
SHA256
286a74a3334c854df367f5a885a38acb68a0a000526054ef8426d15779549474
-
SHA512
de130ed39cd8f4c4294e1dea04d5019ec939b7bd82cef41b08dd248205c5394b5b7eb428ac2655be9d6486e7e237a7caf0542ff4ac4adf6442cfc4d6dc524c76
-
SSDEEP
12288:4ueH5qGEWapltx5Vr1rzKp8TOQqT8IM+WzgqmpcmSLXUd5M2:MqbXpltpBKwFqT82aRmqQ5M2
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-