General
-
Target
7dd4b6a2d1e23618f6eed134f4439475621e267a5afc5e2e12a194614a08f0d8
-
Size
1.1MB
-
Sample
240327-b4c4pshd77
-
MD5
b108f66a7dcac2f3e25394d3b720cb25
-
SHA1
07c57cb804aa69f303133a936dee48eb616f4683
-
SHA256
7dd4b6a2d1e23618f6eed134f4439475621e267a5afc5e2e12a194614a08f0d8
-
SHA512
d31c422afe44cbd23032c55ad5c5402bc2368bc1b366ef04b42218cccce217d7c082f8ef9a1c4cfa4ceb1aba807b5d54bdc7c4ddeb03a128b105cac8ff35d473
-
SSDEEP
24576:FZw+vVHcyqWzxhtuFf6N9ddeUavUJsErp/HIi93aGdsuoSn5Fa:Q
Static task
static1
Behavioral task
behavioral1
Sample
7dd4b6a2d1e23618f6eed134f4439475621e267a5afc5e2e12a194614a08f0d8.rtf
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
7dd4b6a2d1e23618f6eed134f4439475621e267a5afc5e2e12a194614a08f0d8.rtf
Resource
win10v2004-20240226-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.gosportz.in - Port:
587 - Username:
[email protected] - Password:
Ss@gosportz - Email To:
[email protected]
Targets
-
-
Target
7dd4b6a2d1e23618f6eed134f4439475621e267a5afc5e2e12a194614a08f0d8
-
Size
1.1MB
-
MD5
b108f66a7dcac2f3e25394d3b720cb25
-
SHA1
07c57cb804aa69f303133a936dee48eb616f4683
-
SHA256
7dd4b6a2d1e23618f6eed134f4439475621e267a5afc5e2e12a194614a08f0d8
-
SHA512
d31c422afe44cbd23032c55ad5c5402bc2368bc1b366ef04b42218cccce217d7c082f8ef9a1c4cfa4ceb1aba807b5d54bdc7c4ddeb03a128b105cac8ff35d473
-
SSDEEP
24576:FZw+vVHcyqWzxhtuFf6N9ddeUavUJsErp/HIi93aGdsuoSn5Fa:Q
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-