General
-
Target
tmp
-
Size
653KB
-
Sample
231212-kgll1ahhbm
-
MD5
e878cf1fdb26cb2f05f11fbbea050b36
-
SHA1
c12e3d33bf4c7a3484b20d71e7caa2d1d793f1ca
-
SHA256
9cd108e6109466daee67e47f97eff7e9f1494f8b0a56b5f10eb0003d39d125a8
-
SHA512
0a869c7c809c598714024bf1657b8dbd3e79345117f9ee3cef93b827808db62f696d5733f77c062e443e9a9adbe3cb8632272248f7ecfb360000ae114440dae8
-
SSDEEP
12288:f43IU8S6eUdmKD+ldPxN15Jktn9Nz8zjUcRM7UeLCANXlIPrjycsSps3H:fWItSAdmKD+zPxN154n9Nlc2DLCQXSP0
Static task
static1
Behavioral task
behavioral1
Sample
tmp.exe
Resource
win7-20231129-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.helikhodro.com - Port:
587 - Username:
[email protected] - Password:
@Ii9121070423 - Email To:
[email protected]
Targets
-
-
Target
tmp
-
Size
653KB
-
MD5
e878cf1fdb26cb2f05f11fbbea050b36
-
SHA1
c12e3d33bf4c7a3484b20d71e7caa2d1d793f1ca
-
SHA256
9cd108e6109466daee67e47f97eff7e9f1494f8b0a56b5f10eb0003d39d125a8
-
SHA512
0a869c7c809c598714024bf1657b8dbd3e79345117f9ee3cef93b827808db62f696d5733f77c062e443e9a9adbe3cb8632272248f7ecfb360000ae114440dae8
-
SSDEEP
12288:f43IU8S6eUdmKD+ldPxN15Jktn9Nz8zjUcRM7UeLCANXlIPrjycsSps3H:fWItSAdmKD+zPxN154n9Nlc2DLCQXSP0
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Detect ZGRat V1
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-