General
-
Target
ec6aa373d4710c2c780d5ad213ce2be2ff53eff1cf5929f77b7d9d24d0388e9e
-
Size
603KB
-
Sample
240327-be7l1sge52
-
MD5
880595134579660fc349a460d041c309
-
SHA1
cc6ff967bf2d8161531671c6544de47807b64cb5
-
SHA256
ec6aa373d4710c2c780d5ad213ce2be2ff53eff1cf5929f77b7d9d24d0388e9e
-
SHA512
8fd4b97e2d7ad9d8aa38504316b9fc86813211653d3b289d9bee6a51791a31b1218cddad0313b1d5b71a94622122e894cb4d13b20579ba6e700ec230050eea15
-
SSDEEP
12288:Ci7Cm6Q3caJJX4oHGIJC2RzFVB9CLq7SpZtKDNJ24UYJsh+to:C9m6QMaH40JC2RPBALHQsmc
Static task
static1
Behavioral task
behavioral1
Sample
EV 4880 AF 271075403.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
EV 4880 AF 271075403.exe
Resource
win10v2004-20240319-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.hsbv1.nl - Port:
587 - Username:
[email protected] - Password:
xdDPyH(8 - Email To:
[email protected]
Targets
-
-
Target
EV 4880 AF 271075403.exe
-
Size
616KB
-
MD5
f1970c4c91252226e927895f9057ce64
-
SHA1
08439f291ec3a3e556464bf380002cc1737989fa
-
SHA256
7c009952f608eb68e242b477f9d2551bacde90e1ea75d21e5c78378ba3f7b06c
-
SHA512
2f521938f0c53b89f41e6ecc24a03401c3c05dd49aec17322d9e04c96fb968a185a51363a00e9eb5578a7415fe6444903d3b92b245085de2c6805fab2b9dcbcb
-
SSDEEP
12288:D5va5W9z2oJJh8OHcIBCIRRFTBP8e7SvZNKDPD2gjvgTzMO:DH9yo98aBCIRHBP8rwaevgfMO
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-