General
Target: 27bdacdacc006511f54c059afd65808fe2d71c0c33faa3e33dcd793f677f14a5
Size: 632KB
Sample: 240328-b24tmsad72
MD5: f1c6deacca21165dda8fc3b16ff55f00
SHA1: 5966e03e748923f1247e3fd0357b9563da08880f
SHA256: 27bdacdacc006511f54c059afd65808fe2d71c0c33faa3e33dcd793f677f14a5
SHA512: 1414e8367fb2bcc0c852d48b8bfa00dc31c01c8975494f506148f0781cbcf9514df2d6a497448606502c2299cc979fd48b3e86088bff60a312b6b9465027f2c6
SSDEEP: 12288:nH1VC3RYojGuaQg67RujpRSjgTUSbQIqGQDAV7l8zi0gKq9VcgtGZl1KcBnxkrx:VVsNGu97ypI2USbv5E6eW/ncbZCU6rx
Static task: static1
Behavioral task: behavioral1
Sample: RFQ___7363836.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: RFQ___7363836.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.ag-tr.com
Port: 587
Username: [email protected]
Password: At.070773
Email To: [email protected]
Extracted
Protocol: smtp
Host: mail.ag-tr.com
Port: 587
Username: [email protected]
Password: At.070773
Targets
Target: RFQ___7363836.exe
Size: 658KB
MD5: a304ddd3e3d5a2ee059569a2ed90b153
SHA1: 3e012429384ddbd75f660af8b0859222cd6c82b8
SHA256: 0408bd468824d124d9115806910e468348cccaa6efea5f0392da90ef1b2101b6
SHA512: 7b9a2af0bd8f6b52fadaf686892bcc1498e87a63b5b4f7bd03f2a2b2e83bd2340016fe43c234dc03c1d4643b9f45aea021d2e8f89383db4112deab6468c77d0a
SSDEEP: 12288:mH2iNlw0er5rtyGPnfJMhmRBIqGQlAV7l8di0gKeBc/jVcgt4Zl1KcBbzBvqdpy0:A1X2htyGXJti5w6eE/GxcLZCUbzdXl+
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext