General
Target: 6d17c753bcc17e7f9d4a0563ca1427adbe362dc3191fc75f9a7c293d3f75cea7
Size: 757KB
Sample: 240328-b3bt9acg2t
MD5: 35b0cdbf6950037abb693e56a94c0edd
SHA1: e0dfffd328d6cb1718e26c864cdeb13cb015f227
SHA256: 6d17c753bcc17e7f9d4a0563ca1427adbe362dc3191fc75f9a7c293d3f75cea7
SHA512: a305175ccba932b368fe4236c5198a91278329c5db655a60c6c2797a54b309a2465dee06958456a4cde6b41c7bac7894f08ff3a1f6f0cc4ce5e29b3346610e6c
SSDEEP: 12288:lk93yww0wnqZmJ2+J9mNsKLIX6AFbIYdh2zraeTOiB3YNEPBuxkR:k3jlAJ2+eLIX6ophCraSOFNE5us
Static task: static1
Behavioral task: behavioral1
Sample: 6d17c753bcc17e7f9d4a0563ca1427adbe362dc3191fc75f9a7c293d3f75cea7.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 6d17c753bcc17e7f9d4a0563ca1427adbe362dc3191fc75f9a7c293d3f75cea7.exe
Resource: win10v2004-20240319-en
Malware Config
Extracted (agenttesla)
Protocol: smtp
Host: nl9.nlkoddos.com
Port: 587
Username: [email protected]
Password: Myname321@
Email To: [email protected]
Extracted
Protocol: smtp
Host: nl9.nlkoddos.com
Port: 587
Username: [email protected]
Password: Myname321@
Targets
Target: 6d17c753bcc17e7f9d4a0563ca1427adbe362dc3191fc75f9a7c293d3f75cea7
Size: 757KB
MD5: 35b0cdbf6950037abb693e56a94c0edd
SHA1: e0dfffd328d6cb1718e26c864cdeb13cb015f227
SHA256: 6d17c753bcc17e7f9d4a0563ca1427adbe362dc3191fc75f9a7c293d3f75cea7
SHA512: a305175ccba932b368fe4236c5198a91278329c5db655a60c6c2797a54b309a2465dee06958456a4cde6b41c7bac7894f08ff3a1f6f0cc4ce5e29b3346610e6c
SSDEEP: 12288:lk93yww0wnqZmJ2+J9mNsKLIX6AFbIYdh2zraeTOiB3YNEPBuxkR:k3jlAJ2+eLIX6ophCraSOFNE5us
Score: 10/10
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext