General
- Target: b8745c6cc766aa6eee5ada198fcdfd1271ce91a03936a1f1f2d4d395052026c1
- Size: 1.6MB
- Sample: 240327-byncgshb93
- MD5: 8dd97a1563b059f0abaacd293946582a
- SHA1: b63af72078fad78f9cc332de2bf40fc2df421894
- SHA256: b8745c6cc766aa6eee5ada198fcdfd1271ce91a03936a1f1f2d4d395052026c1
- SHA512: d1c2648ebed329ce129a43eeb35c0600c6a7c2bd58144c5dc1dc323794b9f9be0eed7bca66c716e403fa769928856cfc9660d1671060c51760c773b5a93b70d1
- SSDEEP: 24576:uqDEvCTbMWu7rQYlBQcBiT6rprG8aTlIRtd7G3Bz:uTvC/MTQYxsWR7aTl2SR
Static task: static1
Behavioral task: behavioral1
- Sample: TRANSFERENCIA.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: TRANSFERENCIA.exe
- Resource: win10v2004-20240226-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.crediperu.pe
- Port: 587
- Username: [email protected]
- Password: Jfupuy02chung
- Email To: [email protected]
Targets
- Target: TRANSFERENCIA.exe
- Size: 1.1MB
- MD5: e0c15954675c69af377b428d68e75cc5
- SHA1: b06501c31d34eb48a7493e63d17b1a851499ff10
- SHA256: 878d5c3268d152cf35bd86af342b7ad31eb7f11e4971e8816007c8ba0ab50b48
- SHA512: 7d435c289f92e1c1a942203d1979c60fcc6e489fdfe2642704bff467b625e744225088bdea180ac2f3f198e5c5519363a7e11dda235c98df84226d90a76d313c
- SSDEEP: 24576:AqDEvCTbMWu7rQYlBQcBiT6rprG8aTlIRtd7G3Bz:ATvC/MTQYxsWR7aTl2SR
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext