General

Target: TS-240326-UF3.exe
Size: 720KB
Sample: 240326-s9kjeage8s
MD5: 7f1e590dfd6337e811e274d6b4867a15
SHA1: 581f34902e117fa50708059647beb36cffc1cd55
SHA256: 73e936cfd45d5e597b147a50a4472b94a4cf508ab47acec98b66b6a52ba31db3
SHA512: 337d7a5da08280398dcf419e47b4e510eb8bf08b2e3c6f6d5325a5b1e782835520e0cd58259c5b9745fb79a86e999267839394b541372982594157fe90650bdf
SSDEEP: 12288:PCl7+a5WQwDpB/Dq6reWTbfD0fvMjtODAokgY2pR9KPQRGO5n9WgauzkR:6l76BDpB7q+zfQfeExC2pR9KPQR/k

Static task: static1

Behavioral task: behavioral1
Sample: TS-240326-UF3.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: TS-240326-UF3.exe
Resource: win10v2004-20240226-en
Malware Config

Extracted (agenttesla)
Protocol: smtp
Host: smtp.trisquarespl.com
Port: 587
Username: [email protected]
Password: YokTA(D3
Email To: [email protected]

Extracted
Protocol: smtp
Host: smtp.trisquarespl.com
Port: 587
Username: [email protected]
Password: YokTA(D3
Targets

Target: TS-240326-UF3.exe
Size: 720KB
MD5: 7f1e590dfd6337e811e274d6b4867a15
SHA1: 581f34902e117fa50708059647beb36cffc1cd55
SHA256: 73e936cfd45d5e597b147a50a4472b94a4cf508ab47acec98b66b6a52ba31db3
SHA512: 337d7a5da08280398dcf419e47b4e510eb8bf08b2e3c6f6d5325a5b1e782835520e0cd58259c5b9745fb79a86e999267839394b541372982594157fe90650bdf
SSDEEP: 12288:PCl7+a5WQwDpB/Dq6reWTbfD0fvMjtODAokgY2pR9KPQRGO5n9WgauzkR:6l76BDpB7q+zfQfeExC2pR9KPQR/k
Score: 10/10

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext