General
-
Target
895acbd2b91fb0de4c28de579e220456f47a9c35934e329162de18845d2a1cc9
-
Size
235KB
-
Sample
240327-cgb4kada2s
-
MD5
10016028f5c53d44d0f951f32f3e55a9
-
SHA1
411c04966645544fdba777aa7dc3271aa65d906c
-
SHA256
895acbd2b91fb0de4c28de579e220456f47a9c35934e329162de18845d2a1cc9
-
SHA512
bdd7aafde532d56c79ab91c198ef77f30c5d5309b972c3a5be7daf29885c27e447e79e6a993f0a09676ebc73c2db78a737aea4b0ea4c2e66fa1122937f9e7f7a
-
SSDEEP
3072:561oDhlJ1x+tjF9uR+EwYyhduPi9VeNNWr7YPI858WoxA6AI:5lhlJ1x+tjF9uR+EwEi6Q7YPImoH
Behavioral task
behavioral1
Sample
895acbd2b91fb0de4c28de579e220456f47a9c35934e329162de18845d2a1cc9.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
895acbd2b91fb0de4c28de579e220456f47a9c35934e329162de18845d2a1cc9.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: [email protected]
Password: jCXzqcP1 daniel 3116
Email To: [email protected]
Extracted
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: [email protected]
Password: jCXzqcP1 daniel 3116
Targets
-
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-