General
-
Target
d83308216ff4cd0305fb4e92e10bcec5bf54fb2eb9e71819b0215fefa654853f.exe
-
Size
872KB
-
Sample
231208-pmnqrsdg3w
-
MD5
7c6011d318ed96dd3c50b0e5b762ac2d
-
SHA1
83d2f1d2665d0a82e974a140d2aca39af4fd9df5
-
SHA256
d83308216ff4cd0305fb4e92e10bcec5bf54fb2eb9e71819b0215fefa654853f
-
SHA512
b8b08a20acfbfb1cc28020f92d04749cea0faa4c302c58dacfe8526b68620ffde9c34f85801f0ab651b0438dce19e14b52d0dc074775ce283b97bae925f648ed
-
SSDEEP
24576:CktD/F2k78Rv2Z/dNjW22wPm/4TQhdd/HI:CIgk78cZ/dlWTF/4Tezg
Static task
static1
Behavioral task
behavioral1
Sample
d83308216ff4cd0305fb4e92e10bcec5bf54fb2eb9e71819b0215fefa654853f.exe
Resource
win7-20231201-en
Behavioral task
behavioral2
Sample
d83308216ff4cd0305fb4e92e10bcec5bf54fb2eb9e71819b0215fefa654853f.exe
Resource
win10v2004-20231127-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.trisquarespl.com - Port:
587 - Username:
[email protected] - Password:
vphYSHb*2 - Email To:
[email protected]
Targets
-
-
Target
d83308216ff4cd0305fb4e92e10bcec5bf54fb2eb9e71819b0215fefa654853f.exe
-
Size
872KB
-
MD5
7c6011d318ed96dd3c50b0e5b762ac2d
-
SHA1
83d2f1d2665d0a82e974a140d2aca39af4fd9df5
-
SHA256
d83308216ff4cd0305fb4e92e10bcec5bf54fb2eb9e71819b0215fefa654853f
-
SHA512
b8b08a20acfbfb1cc28020f92d04749cea0faa4c302c58dacfe8526b68620ffde9c34f85801f0ab651b0438dce19e14b52d0dc074775ce283b97bae925f648ed
-
SSDEEP
24576:CktD/F2k78Rv2Z/dNjW22wPm/4TQhdd/HI:CIgk78cZ/dlWTF/4Tezg
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-