General

Target: 17606c677999cee477794956fc3f7496ecc4defcb24aed8a3571f70ea5b20088
Size: 760KB
Sample: 231209-b4bkwaeack
MD5: 3e32393a7b1d83de84b9b4833c1520f4
SHA1: e68079f47470393806a6e5dfd555a3dbf09b590b
SHA256: 17606c677999cee477794956fc3f7496ecc4defcb24aed8a3571f70ea5b20088
SHA512: 586386b54a90bf3d3d172ba8cb815e92947f5bf52db99b809c92848b709defe6238afab81ae715dd7dcc75881ab219e384c96c5249153a39133b69c3a634953a
SSDEEP: 12288:WOSFja7XqkPETlYUcfgd4bJZyTY33a33S333333br70:Wy7tPpUxC26rg
Static task: static1

Behavioral task: behavioral1
  Sample: 1208_1_2023.exe
  Resource: win7-20231130-en

Behavioral task: behavioral2
  Sample: 1208_1_2023.exe
  Resource: win10v2004-20231130-en
Malware Config

Extracted: agenttesla
  Protocol: smtp
  Host: mail.privateemail.com
  Port: 587
  Username: [email protected]
  Password: 12345asdfg@@@@@
  Email To: [email protected]

Extracted
  Protocol: smtp
  Host: mail.privateemail.com
  Port: 587
  Username: [email protected]
  Password: 12345asdfg@@@@@
Targets

Target: 1208_1_2023.exe
Size: 700KB
MD5: f326fc9692962fc48ac24c2ddf53292b
SHA1: 5e380c0f55ff1615c481a043b4d45e7ce3523e84
SHA256: 5ccd3208f03a2b059b46c7c1434186942b1d30df15d370ad6103f85027ffd4cb
SHA512: 0627a36e09eaed94274fd22fc8d4b7cc58281625ba1a14f9bb80b7ad4d1964e39e28f141013ada5841e68643b15d2575f2fa72ffba2b47dc39e1d156dacc97a7
SSDEEP: 12288:ZOSFja7XqkPETlYUcfgd4bJZyTY33a33S333333br70:Zy7tPpUxC26rg
Score: 10/10

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext