General
Target: 260b004e5569edcb9467479344568b48a633c6fe0607a58239da20195407f765
Size: 666KB
Sample: 240327-b86a2scf5z
MD5: 9aeeda1bb191f5772aee7b8f8cbed6e2
SHA1: c145ac9cd3520071a00ac6d0c2f052c45942ef61
SHA256: 260b004e5569edcb9467479344568b48a633c6fe0607a58239da20195407f765
SHA512: 9bce3fbe1beac87fa69b491ae309a90e256b83b5298f7ec3e2ca858057db76f35bfa6964e734ace08551387d6ab1d4ffebb073978e4d1e2dd3c8f078fe915adc
SSDEEP: 12288:uC5ackSCEqj6bNUZl/Ap4wv7bE+HW8lL/65lzMK:u9z2bNULBy7fHLL/6fzN
Static task: static1
Behavioral task: behavioral1
Sample: Pl (1).exe
Resource: win7-20240220-en
Behavioral task: behavioral2
Sample: Pl (1).exe
Resource: win10v2004-20240226-en
Malware Config
Extracted
Family: agenttesla
Protocol: smtp
Host: mail.awelleh3.top
Port: 587
Username: [email protected]
Password: QcR_(8@AdfHa
Email To: [email protected]
Extracted
Protocol: smtp
Host: mail.awelleh3.top
Port: 587
Username: [email protected]
Password: QcR_(8@AdfHa
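The two Extracted blocks above arrive flattened, with line breaks in the middle of key/value pairs and one block missing the Email To field. As an added example (not part of the sandbox report, and not code from the report's tooling), the Python below parses that flattened form into a mapping, merges the blocks from the two behavioral tasks while flagging any field whose value differs between them, and derives the indicators a defender can act on. The raw text is copied from this page, including the mailbox strings, which the page shows redacted as "[email protected]" and which are therefore treated as literal values.

```python
import re
from typing import Dict, List, Tuple

# The two "Extracted" blocks, copied from this report's Malware Config section
# in the flattened form they appear in on the page. The mailbox fields are
# shown redacted as "[email protected]" on the page itself, so they are
# parsed here as literal strings.
RAW_BLOCKS = [
    "Protocol: smtp- Host:\n"
    "mail.awelleh3.top - Port:\n"
    "587 - Username:\n"
    "[email protected] - Password:\n"
    "QcR_(8@AdfHa - Email To:\n"
    "[email protected]",
    "Protocol: smtp- Host:\n"
    "mail.awelleh3.top - Port:\n"
    "587 - Username:\n"
    "[email protected] - Password:\n"
    "QcR_(8@AdfHa",
]

# Keys the AgentTesla SMTP config carries on this page. Anchoring on a fixed
# key list (rather than on any "word:" token) keeps values such as the
# password "QcR_(8@AdfHa" or an address containing ':' from being mistaken
# for keys.
KEYS = ("Protocol", "Host", "Port", "Username", "Password", "Email To")
KEY_RE = re.compile(r"(?:^|\s*-\s*)(" + "|".join(map(re.escape, KEYS)) + r"):\s*")


def parse_extracted(block: str) -> Dict[str, str]:
    """Turn one flattened 'Extracted' block into a key -> value mapping.

    The page breaks lines mid-pair and separates pairs with ' - ' (with no
    space before the dash after 'smtp'), so the block is joined into a single
    line and then split at the known keys; each value runs up to the next key.
    """
    flat = " ".join(line.strip() for line in block.splitlines() if line.strip())
    hits = list(KEY_RE.finditer(flat))
    config: Dict[str, str] = {}
    for i, hit in enumerate(hits):
        value_end = hits[i + 1].start() if i + 1 < len(hits) else len(flat)
        config[hit.group(1)] = flat[hit.end():value_end].strip()
    return config


def merge_configs(
    configs: List[Dict[str, str]],
) -> Tuple[Dict[str, str], List[Tuple[str, str, str]]]:
    """Merge configs recovered from several tasks.

    Sandboxes often dump one config per behavioral task; here the second block
    lacks 'Email To'. Fields present in any block are kept. A field whose value
    differs between blocks is reported as a conflict instead of being silently
    overwritten, because that would mean two distinct exfiltration configs.
    """
    merged: Dict[str, str] = {}
    conflicts: List[Tuple[str, str, str]] = []
    for cfg in configs:
        for key, value in cfg.items():
            if key in merged and merged[key] != value:
                conflicts.append((key, merged[key], value))
            merged.setdefault(key, value)
    return merged, conflicts


def indicators(config: Dict[str, str]) -> List[Tuple[str, str]]:
    """Derive blockable/huntable indicators from a merged config.

    The host and protocol/port are what a network defender can act on. The
    mailbox fields identify the attacker's drop account for an abuse report
    to the provider; the recovered credentials should not be used to log in.
    """
    iocs: List[Tuple[str, str]] = []
    if "Host" in config:
        iocs.append(("domain", config["Host"]))
    if "Protocol" in config and "Port" in config:
        iocs.append(("service", f"{config['Protocol'].lower()}/{config['Port']}"))
    for key in ("Username", "Email To"):
        if key in config:
            iocs.append(("drop-mailbox", config[key]))
    return iocs


if __name__ == "__main__":
    parsed = [parse_extracted(block) for block in RAW_BLOCKS]
    merged, conflicts = merge_configs(parsed)
    for key, value in merged.items():
        print(f"{key:<9} {value}")
    print("conflicts:", conflicts)
    for kind, value in indicators(merged):
        print(f"IOC {kind}: {value}")
```

Keying the parser on the report's fixed field names is deliberate: AgentTesla configs also ship with FTP or HTTP panel settings, and a generic "anything followed by a colon" split would break on those as soon as a URL or password contains a colon. Extending KEYS is all that is needed for such variants.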
Targets
Target: Pl (1).exe
Size: 1.1MB
MD5: ae1fc5e5d9904a18868a4818002896bc
SHA1: f020e8d54a7af10140fae53cb42e019513ce0378
SHA256: c0411ae869eeeaf9bce9b7044dcaa2ed931100da22b133ae85ccad45f7499f54
SHA512: a2158b40a4daea4ff3c198bcf7347c72d44ef38b44631115e58cce64e8f78386d087fa7469458aec5857ffdb0d198816db93e71b74ec83319ce47c0c1b1f68a4
SSDEEP: 24576:0qDEvCTbMWu7rQYlBQcBiT6rprG8aJYLTAJ5w:0TvC/MTQYxsWR7aJYwJ
AgentTesla
Agent Tesla is a .NET-based remote access trojan and information stealer (early builds were written in Visual Basic .NET); the SMTP settings extracted above are its credential exfiltration channel.
Accesses Microsoft Outlook profiles
Reads the Outlook account profiles stored in the registry, where saved mail credentials live; this is a standard harvesting target for the family.
Looks up external IP address via web service
Contacts a legitimate public IP lookup service to learn the infected host's external IP address, which is reported alongside the stolen data.
Suspicious use of SetThreadContext
SetThreadContext rewrites the register state of a suspended thread, typically in another process. Legitimate software rarely does this, so it is a strong indicator of process hollowing or thread-hijacking injection used to run the payload inside a benign-looking process.