General
-
Target
27d672cb71c052ba0379590d9fa4ad1253f9b2c12692586bf5829ed0b8d94431
-
Size
668KB
-
Sample
231212-n9e7gacfan
-
MD5
e50f7c3cc61113fa9007f36f6562c654
-
SHA1
b43b2434f4aad4970143dab912e4f047faa4e4a9
-
SHA256
27d672cb71c052ba0379590d9fa4ad1253f9b2c12692586bf5829ed0b8d94431
-
SHA512
f1776fc6935971b57a5cd5f20bd2728d0bd78102327541924f958da7654916b6457893fd32228fa1214ec3e536ac4e4cf55fc04e797e1fe1c34fb1eb65dc3c02
-
SSDEEP
12288:immc+4WpAETy8agvmAWu+Ttcv47vMiPn3eQA2MqJe4SZ2sFYtbYu6Ff8+:GpAEJagv0u+OwT3C8e4ZpY
Static task
static1
Behavioral task
behavioral1
Sample
27d672cb71c052ba0379590d9fa4ad1253f9b2c12692586bf5829ed0b8d94431.exe
Resource
win7-20231130-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.helikhodro.com - Port:
587 - Username:
[email protected] - Password:
@Ii9121070423 - Email To:
[email protected]
Targets
-
-
Target
27d672cb71c052ba0379590d9fa4ad1253f9b2c12692586bf5829ed0b8d94431
-
Size
668KB
-
MD5
e50f7c3cc61113fa9007f36f6562c654
-
SHA1
b43b2434f4aad4970143dab912e4f047faa4e4a9
-
SHA256
27d672cb71c052ba0379590d9fa4ad1253f9b2c12692586bf5829ed0b8d94431
-
SHA512
f1776fc6935971b57a5cd5f20bd2728d0bd78102327541924f958da7654916b6457893fd32228fa1214ec3e536ac4e4cf55fc04e797e1fe1c34fb1eb65dc3c02
-
SSDEEP
12288:immc+4WpAETy8agvmAWu+Ttcv47vMiPn3eQA2MqJe4SZ2sFYtbYu6Ff8+:GpAEJagv0u+OwT3C8e4ZpY
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Detect ZGRat V1
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-