General
-
Target
1c6c27efcb4c84e8ebefe53a760e59bd246e17ec60bd6d73c809df6f90221bbd
-
Size
695KB
-
Sample
231209-cezf3sffc7
-
MD5
b0cb5b21f387e3a57b04f95e5e525b7a
-
SHA1
f9bad09e8eb643871b844df31b7f9ddccf171f95
-
SHA256
1c6c27efcb4c84e8ebefe53a760e59bd246e17ec60bd6d73c809df6f90221bbd
-
SHA512
7c44681b0df64250017e88ca858a4799b721eeaee7c09131d757265954a0cae5158b4b6f2b8e4f3eae57366c357dd00208014faf748f74b35ab218f3baf09e2c
-
SSDEEP
12288:ul5nF85VdqrlbKxqNfgAgj+u5V90McO8Rei0Dl1skejfcjtaUWgvcnO:uloqhbKxgq/90VOAeXCjQa1O
Static task
static1
Behavioral task
behavioral1
Sample
1c6c27efcb4c84e8ebefe53a760e59bd246e17ec60bd6d73c809df6f90221bbd.exe
Resource
win7-20231201-en
Behavioral task
behavioral2
Sample
1c6c27efcb4c84e8ebefe53a760e59bd246e17ec60bd6d73c809df6f90221bbd.exe
Resource
win10v2004-20231127-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
nl10.nlkoddos.com - Port:
587 - Username:
[email protected] - Password:
6G]uV2})e[^% - Email To:
[email protected]
Extracted
Protocol: smtp- Host:
nl10.nlkoddos.com - Port:
587 - Username:
[email protected] - Password:
6G]uV2})e[^%
Targets
-
-
Target
1c6c27efcb4c84e8ebefe53a760e59bd246e17ec60bd6d73c809df6f90221bbd
-
Size
695KB
-
MD5
b0cb5b21f387e3a57b04f95e5e525b7a
-
SHA1
f9bad09e8eb643871b844df31b7f9ddccf171f95
-
SHA256
1c6c27efcb4c84e8ebefe53a760e59bd246e17ec60bd6d73c809df6f90221bbd
-
SHA512
7c44681b0df64250017e88ca858a4799b721eeaee7c09131d757265954a0cae5158b4b6f2b8e4f3eae57366c357dd00208014faf748f74b35ab218f3baf09e2c
-
SSDEEP
12288:ul5nF85VdqrlbKxqNfgAgj+u5V90McO8Rei0Dl1skejfcjtaUWgvcnO:uloqhbKxgq/90VOAeXCjQa1O
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-