General
- Target: 56d14e3987e9ad35bf1bd23f860bd9b0.bin
- Size: 669KB
- Sample: 240327-ct5awade2y
- MD5: 2e24fbbcf888eca3e467ef173558779e
- SHA1: 59d353abf924022077ebc8897472ccf493ac6436
- SHA256: 3b4de02df63eb08ccee4d56a263eaa35031a57505f9adbca675b57508df0ca90
- SHA512: c6966143059e3e4b7599629afc36a6288dee05926d9cc22ea6c30aba7e2ec83327c748cbb1f88b17cf19772bd32c894ef0c49c41ff99d59ad94d857ca1ef5708
- SSDEEP: 12288:sXKdqDnDNJmKc2sraDyZYbUFtxjNPUTyK8/B3dFSsgEYQTOLoIAP7mB8TSA:s6dAbmKc2srMyYwtx5P8ybp3d0HEViLW
Static task: static1
Behavioral task: behavioral1
- Sample: da453b1b8927be6d7714036b6089a94641f7eafcac495be86d121543d42b4679.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: da453b1b8927be6d7714036b6089a94641f7eafcac495be86d121543d42b4679.exe
- Resource: win10v2004-20240226-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.animetals.com.my
- Port: 587
- Username: [email protected]
- Password: 8VHMY#KF%kpF
- Email To: [email protected]
Extracted
- Protocol: smtp
- Host: mail.animetals.com.my
- Port: 587
- Username: [email protected]
- Password: 8VHMY#KF%kpF
Targets
- Target: da453b1b8927be6d7714036b6089a94641f7eafcac495be86d121543d42b4679.exe
- Size: 714KB
- MD5: 56d14e3987e9ad35bf1bd23f860bd9b0
- SHA1: 56d0089f14f78f23c67270036881a052b1e48c4e
- SHA256: da453b1b8927be6d7714036b6089a94641f7eafcac495be86d121543d42b4679
- SHA512: 77f35c7898606bc00f94bf4da8fdc271825ebb612c6138e156be6ad842864fc576d6df11b840ac8aa2377dcefe173377247b6042b012479a413ff0bc3d191cfb
- SSDEEP: 12288:Q4CMwhob8XQbTa+e5ssnnRLhXPxdWEcfTI7ecBgLGwNsTtmX2NaZBqiA:2obiQPBe5ssnRLNZdyiOhsTgX2NiBq
Score: 10/10
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext