General
Target: ca36deaeb7d963c366da6f44af265a512adf33af22fe5ce97f622f8d6d9bb111
Size: 333KB
Sample: 240327-cfqkkach8s
MD5: a0a94454d248d101a0daf71182d054f5
SHA1: 3da5046fb4d0ac2cbb3bf0f118e862fed0038f85
SHA256: ca36deaeb7d963c366da6f44af265a512adf33af22fe5ce97f622f8d6d9bb111
SHA512: 424c16f5ba15d158b834c12d37175d59f26c6546a4c268133701997f1d4ebb6874965962f56c9a7d1d8ba3cf61495a35472564bf8e894b1f3448815d4dd0f4f2
SSDEEP: 6144:OWwpsfY1ObfLzJQy0+MJse0iJZRptZgH6v2SGBOcYGXr3o:O/snzJZUJ0GTDv2jOKXj
Static task: static1
Behavioral task: behavioral1
  Sample: ca36deaeb7d963c366da6f44af265a512adf33af22fe5ce97f622f8d6d9bb111.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: ca36deaeb7d963c366da6f44af265a512adf33af22fe5ce97f622f8d6d9bb111.exe
  Resource: win10v2004-20240226-en
Malware Config
Extracted
agenttesla
  Protocol: smtp
  Host: mail.bezzleauto.com
  Port: 587
  Username: [email protected]
  Password: |[NbQj>}o^#0
  Email To: [email protected]
Extracted
  Protocol: smtp
  Host: mail.bezzleauto.com
  Port: 587
  Username: [email protected]
  Password: |[NbQj>}o^#0
Targets
Target: ca36deaeb7d963c366da6f44af265a512adf33af22fe5ce97f622f8d6d9bb111
Size: 333KB
MD5: a0a94454d248d101a0daf71182d054f5
SHA1: 3da5046fb4d0ac2cbb3bf0f118e862fed0038f85
SHA256: ca36deaeb7d963c366da6f44af265a512adf33af22fe5ce97f622f8d6d9bb111
SHA512: 424c16f5ba15d158b834c12d37175d59f26c6546a4c268133701997f1d4ebb6874965962f56c9a7d1d8ba3cf61495a35472564bf8e894b1f3448815d4dd0f4f2
SSDEEP: 6144:OWwpsfY1ObfLzJQy0+MJse0iJZRptZgH6v2SGBOcYGXr3o:O/snzJZUJ0GTDv2jOKXj
Score: 10/10
AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext