General
-
Target
9dbb9909612a626ab5332bad9e1b944d925193d70796eb7fc2651373e6c178f8
-
Size
748KB
-
Sample
231213-crhzvsegak
-
MD5
ef850c07c2d8e95e2fea98d6ff2177f2
-
SHA1
366b374dc3166ff678bfc9c665282f3a50eaf1c2
-
SHA256
9dbb9909612a626ab5332bad9e1b944d925193d70796eb7fc2651373e6c178f8
-
SHA512
d04dcec60688ea2d12e75850674915d28eefe98325fd35b587b001aa07ad9f858681adc27c7fc690eacf724df4fc2d05a6f57c90f17e075d30bc2d39f09d505c
-
SSDEEP
12288:T05yw54Jk+lK6zsd5gP8OvRPC6bSUUyJkqvZG05oCiM1dtOQq4OdKyWXG84h:wyYefJ25BOvdC6WUbJTjtzVOdK4vh
Static task
static1
Behavioral task
behavioral1
Sample
9dbb9909612a626ab5332bad9e1b944d925193d70796eb7fc2651373e6c178f8.exe
Resource
win7-20231025-en
Behavioral task
behavioral2
Sample
9dbb9909612a626ab5332bad9e1b944d925193d70796eb7fc2651373e6c178f8.exe
Resource
win10v2004-20231127-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.sysnetglobal.com - Port:
587 - Username:
[email protected] - Password:
Vrsk@131202 - Email To:
[email protected]
Targets
-
-
Target
9dbb9909612a626ab5332bad9e1b944d925193d70796eb7fc2651373e6c178f8
-
Size
748KB
-
MD5
ef850c07c2d8e95e2fea98d6ff2177f2
-
SHA1
366b374dc3166ff678bfc9c665282f3a50eaf1c2
-
SHA256
9dbb9909612a626ab5332bad9e1b944d925193d70796eb7fc2651373e6c178f8
-
SHA512
d04dcec60688ea2d12e75850674915d28eefe98325fd35b587b001aa07ad9f858681adc27c7fc690eacf724df4fc2d05a6f57c90f17e075d30bc2d39f09d505c
-
SSDEEP
12288:T05yw54Jk+lK6zsd5gP8OvRPC6bSUUyJkqvZG05oCiM1dtOQq4OdKyWXG84h:wyYefJ25BOvdC6WUbJTjtzVOdK4vh
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-