General
-
Target
8af5b6dc94c7b1a2752aac8dba3c000cc6d889507ee09e5e52f948430195282d
-
Size
628KB
-
Sample
240327-be46wsge46
-
MD5
be47912c008ba24aff05b08991969bd2
-
SHA1
84c34e11098deba6d51da5b2e03a1813c9e44514
-
SHA256
8af5b6dc94c7b1a2752aac8dba3c000cc6d889507ee09e5e52f948430195282d
-
SHA512
cc64809c9a235de8d15ee72a86706c8f14bba216eb298557efe4bc38b84ea5e8cadd7c3d999676805de3afd4aae81bd22773e2193fc7ee8d091f490d03a4af69
-
SSDEEP
12288:tI/PuD+HOGk9Hg+WObVUWJtY4bac8pnY1Ypa+rUoC3zu:Yy+Hi9HzWObVDJtYnpn3ou
Static task
static1
Behavioral task
behavioral1
Sample
8af5b6dc94c7b1a2752aac8dba3c000cc6d889507ee09e5e52f948430195282d.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
8af5b6dc94c7b1a2752aac8dba3c000cc6d889507ee09e5e52f948430195282d.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.gosportz.in - Port:
587 - Username:
[email protected] - Password:
Ss@gosportz - Email To:
[email protected]
Extracted
Protocol: smtp- Host:
mail.gosportz.in - Port:
587 - Username:
[email protected] - Password:
Ss@gosportz
Targets
-
-
Target
8af5b6dc94c7b1a2752aac8dba3c000cc6d889507ee09e5e52f948430195282d
-
Size
628KB
-
MD5
be47912c008ba24aff05b08991969bd2
-
SHA1
84c34e11098deba6d51da5b2e03a1813c9e44514
-
SHA256
8af5b6dc94c7b1a2752aac8dba3c000cc6d889507ee09e5e52f948430195282d
-
SHA512
cc64809c9a235de8d15ee72a86706c8f14bba216eb298557efe4bc38b84ea5e8cadd7c3d999676805de3afd4aae81bd22773e2193fc7ee8d091f490d03a4af69
-
SSDEEP
12288:tI/PuD+HOGk9Hg+WObVUWJtY4bac8pnY1Ypa+rUoC3zu:Yy+Hi9HzWObVDJtYnpn3ou
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-