General
-
Target
233388d94222a924ea54604e4e2ab0d12d730cfa58c09f10070b812ef16f3d67.exe
-
Size
827KB
-
Sample
231208-q1jjmsaaem
-
MD5
e381119d4028bffcdde3ee3fd19dd526
-
SHA1
c40003854d42c7d022e0ea2bdea721709345ac81
-
SHA256
233388d94222a924ea54604e4e2ab0d12d730cfa58c09f10070b812ef16f3d67
-
SHA512
e071de3b23366a01ff4984a0adb414612dc9b22ffe7389d77e3beb0ccc50d6ee50832533b9fac49362e8d1d140d512a4c1df477ae96e641daa740b4cddf401a6
-
SSDEEP
24576:7MeVvo/ndA5w80rCvFKUNCexCdM1DKGYfpBhtD/BD+:ro/ndf9rC0ezCdK9Y3BD
Static task
static1
Behavioral task
behavioral1
Sample
233388d94222a924ea54604e4e2ab0d12d730cfa58c09f10070b812ef16f3d67.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
233388d94222a924ea54604e4e2ab0d12d730cfa58c09f10070b812ef16f3d67.exe
Resource
win10v2004-20231130-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.helikhodro.com - Port:
587 - Username:
[email protected] - Password:
@Ii9121070423 - Email To:
[email protected]
Targets
-
-
Target
233388d94222a924ea54604e4e2ab0d12d730cfa58c09f10070b812ef16f3d67.exe
-
Size
827KB
-
MD5
e381119d4028bffcdde3ee3fd19dd526
-
SHA1
c40003854d42c7d022e0ea2bdea721709345ac81
-
SHA256
233388d94222a924ea54604e4e2ab0d12d730cfa58c09f10070b812ef16f3d67
-
SHA512
e071de3b23366a01ff4984a0adb414612dc9b22ffe7389d77e3beb0ccc50d6ee50832533b9fac49362e8d1d140d512a4c1df477ae96e641daa740b4cddf401a6
-
SSDEEP
24576:7MeVvo/ndA5w80rCvFKUNCexCdM1DKGYfpBhtD/BD+:ro/ndf9rC0ezCdK9Y3BD
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-