General
-
Target
cf8a0aa897bf7afe4415e5a8dd65e5b4c00b9a787a4b1cdec48dd59d5d8048f2
-
Size
172KB
-
Sample
231209-chf4xaffe2
-
MD5
e63736194712fd0770fcf5e43b012c5a
-
SHA1
3bfbcc780b00d7c9e0561bb604cbeb25161ddc4f
-
SHA256
cf8a0aa897bf7afe4415e5a8dd65e5b4c00b9a787a4b1cdec48dd59d5d8048f2
-
SHA512
47885a93e5c948c1c4bf41c2c48f6011dd85ffc81b25955d5faa1e1b5c84ea9468adea36dc8209cd0130827a72f62907bd33b14e4934dd72fa7af0ee90522dc1
-
SSDEEP
3072:oqv04c6tuZFXWpboyW/r2X5HSeLK7MIESzL1ymd4x0EK8365yD7yP:B/c6EZVYkT2pHDLK4wJylx0El38yD
Static task
static1
Behavioral task
behavioral1
Sample
cf8a0aa897bf7afe4415e5a8dd65e5b4c00b9a787a4b1cdec48dd59d5d8048f2.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
cf8a0aa897bf7afe4415e5a8dd65e5b4c00b9a787a4b1cdec48dd59d5d8048f2.exe
Resource
win10v2004-20231130-en
Malware Config
Extracted
Protocol: smtp- Host:
mail.etasimali.com - Port:
587 - Username:
[email protected] - Password:
RECRUTEMENT@2023
Extracted
agenttesla
Protocol: smtp- Host:
mail.etasimali.com - Port:
587 - Username:
[email protected] - Password:
RECRUTEMENT@2023 - Email To:
[email protected]
Targets
-
-
Target
cf8a0aa897bf7afe4415e5a8dd65e5b4c00b9a787a4b1cdec48dd59d5d8048f2
-
Size
172KB
-
MD5
e63736194712fd0770fcf5e43b012c5a
-
SHA1
3bfbcc780b00d7c9e0561bb604cbeb25161ddc4f
-
SHA256
cf8a0aa897bf7afe4415e5a8dd65e5b4c00b9a787a4b1cdec48dd59d5d8048f2
-
SHA512
47885a93e5c948c1c4bf41c2c48f6011dd85ffc81b25955d5faa1e1b5c84ea9468adea36dc8209cd0130827a72f62907bd33b14e4934dd72fa7af0ee90522dc1
-
SSDEEP
3072:oqv04c6tuZFXWpboyW/r2X5HSeLK7MIESzL1ymd4x0EK8365yD7yP:B/c6EZVYkT2pHDLK4wJylx0El38yD
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-