General
- Target: eec74d1415093fb1433f94fd6b52e8ac88338d471aef2aedccbd3c82c32c8503
- Size: 244KB
- Sample: 231208-ctzemaaa6s
- MD5: a40f4b0cda9886655d33a81d1d50d50b
- SHA1: 5c6f13b148be06b67200b7f10504911d6cac387c
- SHA256: eec74d1415093fb1433f94fd6b52e8ac88338d471aef2aedccbd3c82c32c8503
- SHA512: d55610ada45b562d52cae34cef121886adf0f5347056154ca3f4a6048afcdcea873871bb7963ddb21c506283252530a8ef2e963ef8acb09f8368e8057f670f72
- SSDEEP: 768:ZpOCUM461xGqTpjk6rNj8Nyo4LNCaCqJ6+rLnx+:XOnMz1IqTpreNyDNJCE8
Static task: static1
Behavioral task: behavioral1
- Sample: Nlzteo.exe
- Resource: win7-20231130-en
Behavioral task: behavioral2
- Sample: Nlzteo.exe
- Resource: win10v2004-20231130-en
Malware Config
Extracted
- Protocol: smtp
- Host: meka.ldc.lv
- Port: 587
- Username: [email protected]
- Password: DJj8Mza7MM
Extracted (agenttesla)
- Protocol: smtp
- Host: meka.ldc.lv
- Port: 587
- Username: [email protected]
- Password: DJj8Mza7MM
- Email To: [email protected]
Targets
- Target: Nlzteo.exe
- Size: 193KB
- MD5: b69f2cdbf28652571e762f9aac158b50
- SHA1: 2d10897a4446c1f64d5859140a83d516b3ffc358
- SHA256: d82b131f63b7421b9de90ad8ac7a793d369996f1e16abcda35513fd06ca8d300
- SHA512: d4e5f9baaed7a2b151d6e10c79de959d0a322d21e62e3a556fc9c5f0e763a4ef92e9e0c604108c9349af4ce80408890b547c82a95710b768e3169279477dbaac
- SSDEEP: 768:npOCUM461xGqTpjk6rNj8Nyo4LNCaCqJ6+rLnx+:pOnMz1IqTpreNyDNJCE8
Score: 10/10
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext