General
Target: 5b494f1ff90dc1d527b8c1b301bdccef380ee9b0bc771486975c1f0075ba9243
Size: 686KB
Sample: 240327-hc1t1shf2t
MD5: 5d76a9e3a1948a1307330e52cfefd7bb
SHA1: 28b7ec354c2d4202278bab3c742eb06f36c56902
SHA256: 5b494f1ff90dc1d527b8c1b301bdccef380ee9b0bc771486975c1f0075ba9243
SHA512: 5d29d8b0153c21c9d33ea72b9abc50a66324e6291a7ae4ef96d7e284253f774f9f1a75794df859eb0f456c219076f7330b1d1bbdf2ac16c1d6125dcb2c81b376
SSDEEP: 12288:RphmU6GDRn/dWA9NhoaFREwZ2+TAjliqMRgYHaNgI9b46IdAK:nNn77hKwZFEkXhogI9blI
Static task: static1
Behavioral task: behavioral1
Sample: 5b494f1ff90dc1d527b8c1b301bdccef380ee9b0bc771486975c1f0075ba9243.exe
Resource: win10v2004-20240226-en
Behavioral task: behavioral2
Sample: 5b494f1ff90dc1d527b8c1b301bdccef380ee9b0bc771486975c1f0075ba9243.exe
Resource: win11-20240221-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.gosportz.in
Port: 587
Username: [email protected]
Password: Ss@gosportz
Email To: [email protected]
Targets
Target: 5b494f1ff90dc1d527b8c1b301bdccef380ee9b0bc771486975c1f0075ba9243
Size: 686KB
MD5: 5d76a9e3a1948a1307330e52cfefd7bb
SHA1: 28b7ec354c2d4202278bab3c742eb06f36c56902
SHA256: 5b494f1ff90dc1d527b8c1b301bdccef380ee9b0bc771486975c1f0075ba9243
SHA512: 5d29d8b0153c21c9d33ea72b9abc50a66324e6291a7ae4ef96d7e284253f774f9f1a75794df859eb0f456c219076f7330b1d1bbdf2ac16c1d6125dcb2c81b376
SSDEEP: 12288:RphmU6GDRn/dWA9NhoaFREwZ2+TAjliqMRgYHaNgI9b46IdAK:nNn77hKwZFEkXhogI9blI
Score: 10/10
AgentTesla
Agent Tesla is a credential-stealing remote access tool (RAT) written for the .NET framework (VB.NET/C#); it sends harvested credentials and keystrokes out over SMTP, FTP or HTTP, which is why the extracted configuration above is an SMTP account rather than a C2 URL.
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext
SetThreadContext on a thread of another process is the call process-hollowing loaders use to point a suspended child's instruction pointer at injected code; on its own it is a heuristic indicator of injection, not proof of it, so confirm against the process tree and memory dumps of the behavioral tasks.
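As an added example that is not part of the report or of any analysis tooling: the block below turns the extracted SMTP configuration above into network indicators and runs them, together with the "looks up external IP address" signature, over a few constructed connection-log lines. The configuration string is rebuilt from the page in the "Key: value - Key: value" form the report uses; the two mailbox addresses appear on the page only as "[email protected]" and are kept exactly that way. The list of IP-echo services and the log format are assumptions, since the report names neither.

```python
import re
from typing import Dict, List, Tuple

# Added example, not code from the report or from Agent Tesla itself.
# Extracted config as the report displays it; mailbox addresses kept as the page shows them.
AGENTTESLA_CONFIG = (
    "Protocol: smtp - Host: mail.gosportz.in - Port: 587 - "
    "Username: [email protected] - Password: Ss@gosportz - "
    "Email To: [email protected]"
)

KEYS = ("Protocol", "Host", "Port", "Username", "Password", "Email To")
_KEY_ALT = "|".join(re.escape(k) for k in KEYS)
# A value runs (lazily) until the next " - <Key>:" separator or end of string,
# so passwords containing "@" or spaces survive; one containing a literal
# " - Host:" sequence would not, which is acceptable for a config dump.
FIELD_RE = re.compile(rf"(?P<key>{_KEY_ALT}):\s*(?P<val>.*?)\s*(?= - (?:{_KEY_ALT}):|$)")


def parse_config(text: str) -> Dict[str, str]:
    """Turn the report's one-line config into a dict keyed by snake_case field name."""
    cfg = {m["key"].lower().replace(" ", "_"): m["val"] for m in FIELD_RE.finditer(text)}
    missing = [k for k in KEYS if k.lower().replace(" ", "_") not in cfg]
    if missing:
        raise ValueError(f"config missing fields: {missing}")
    return cfg


def indicators(cfg: Dict[str, str]) -> Dict[str, object]:
    """Reduce the config to the network indicators a blocklist or hunt needs."""
    return {
        "exfil_proto": cfg["protocol"].lower(),
        "exfil_host": cfg["host"].lower(),
        "exfil_port": int(cfg["port"]),
        "sender": cfg["username"],
        "recipient": cfg["email_to"],
    }


# Assumed list of public IP-echo services: the report says a "legitimate IP
# lookup service" was queried but does not say which one.
IP_LOOKUP_SERVICES = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com"}

# Constructed log lines in an assumed "<ts> <src> -> <dst>:<port> <proto>" shape.
SAMPLE_LOG = """\
2024-03-27T10:00:01Z 10.0.0.5 -> api.ipify.org:443 tcp
2024-03-27T10:00:03Z 10.0.0.5 -> mail.gosportz.in:587 tcp
2024-03-27T10:00:09Z 10.0.0.7 -> mail.example.net:587 tcp
2024-03-27T10:01:00Z 10.0.0.7 -> www.example.com:443 tcp
""".splitlines()

LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+->\s+(?P<dst>[^:\s]+):(?P<port>\d+)\s+(?P<proto>\w+)$")


def flag_connections(lines: List[str], ioc: Dict[str, object]) -> List[Tuple[str, str, str]]:
    """Return (timestamp, source, reason) for lines hitting the exfil host or an IP-echo service.

    Port 587 alone is not an indicator (legitimate mail submission uses it); the match
    requires the extracted host, which is what makes the config extraction worth having.
    """
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        dst, port = m["dst"].lower(), int(m["port"])
        if dst == ioc["exfil_host"] and port == ioc["exfil_port"]:
            hits.append((m["ts"], m["src"], "connection to extracted AgentTesla SMTP exfil host"))
        elif dst in IP_LOOKUP_SERVICES:
            hits.append((m["ts"], m["src"], "external IP lookup service (matches report signature)"))
    return hits


if __name__ == "__main__":
    ioc = indicators(parse_config(AGENTTESLA_CONFIG))
    for ts, src, why in flag_connections(SAMPLE_LOG, ioc):
        print(ts, src, why)
```

The IP-lookup hit is low-confidence on its own (plenty of legitimate software asks an IP-echo service), which is why it is reported separately from the exfil-host hit rather than folded into one alert; the pair from the same source within seconds is the pattern worth escalating.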