General
- Target: fec4d2f1583e85756d3924a1d05ca6ccc96b8fd41f6368ef9831490c492e2f38
- Size: 615KB
- Sample: 240327-byrd5scc3t
- MD5: 82f9cbec1a101a1bc40060f177d3cf37
- SHA1: 36f5aa4a51f693ec282d5febd57e1919d3326c91
- SHA256: fec4d2f1583e85756d3924a1d05ca6ccc96b8fd41f6368ef9831490c492e2f38
- SHA512: 9b674f3381c019cbba79add7c7511a199e9830317196092b09d4a6d8ce24a72f75a245cec4a745b75553e6d0db8be112f43b1379596121deb3ee86087532d343
- SSDEEP: 12288:ckNa5Wk6ZQRetBqGE6pLuHkb3DooEgxk8DlKJdFYKHmQ9gxe:cqTZQRetwGEyLuHkb3DooE6l8fYKHti
Static task
- static1
Behavioral task
- behavioral1
  Sample: fec4d2f1583e85756d3924a1d05ca6ccc96b8fd41f6368ef9831490c492e2f38.exe
  Resource: win7-20240319-en
Behavioral task
- behavioral2
  Sample: fec4d2f1583e85756d3924a1d05ca6ccc96b8fd41f6368ef9831490c492e2f38.exe
  Resource: win10v2004-20231215-en
Malware Config
Extracted
- Family: agenttesla
- Protocol: smtp
- Host: mail.sencan.com.tr
- Port: 587
- Username: [email protected]
- Password: sencan3458!!
- Email To: [email protected]
Extracted
- Protocol: smtp
- Host: mail.sencan.com.tr
- Port: 587
- Username: [email protected]
- Password: sencan3458!!
Targets
- Target: fec4d2f1583e85756d3924a1d05ca6ccc96b8fd41f6368ef9831490c492e2f38
Score 10/10
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext