General

Target: 17f3991f2e7399c32f1934ebe8bdc83825ddbdd5679436f37982f529e145b850
Size: 747KB
Sample: 240328-b5ptwsad84
MD5: 12b911184764baa27081730190bdd5cb
SHA1: b970084dc098414c802cad7b9556ecd2be17c9d9
SHA256: 17f3991f2e7399c32f1934ebe8bdc83825ddbdd5679436f37982f529e145b850
SHA512: 06da4d28788683678ef2eedd336fdbf303c2f053b4e899f2d747f5d0015bc4b1040522a67d64af4231b36eb0b342e4828aa9c2b6477c4e6c59d7a9c2fd76676c
SSDEEP: 12288:Dpahc5Zd5nIM10FnfotBvNxBxO23Pok0xaVY/5hkdHgWd+NIMQv8aD/sJ:DZZd5nIMGpsNxua0x5QFR+b
Tasks

Static task: static1

Behavioral task: behavioral1
  Sample: 17f3991f2e7399c32f1934ebe8bdc83825ddbdd5679436f37982f529e145b850.exe
  Resource: win7-20240221-en

Behavioral task: behavioral2
  Sample: 17f3991f2e7399c32f1934ebe8bdc83825ddbdd5679436f37982f529e145b850.exe
  Resource: win10v2004-20240226-en
Malware Config

Extracted
  Protocol: smtp
  Host: mail.scootero.cl
  Port: 587
  Username: sending01@scootero.cl
  Password: Dangote1235$

Extracted (family: agenttesla)
  Protocol: smtp
  Host: mail.scootero.cl
  Port: 587
  Username: sending01@scootero.cl
  Password: Dangote1235$
  Email To: receiving01@scootero.cl
Targets

Target: 17f3991f2e7399c32f1934ebe8bdc83825ddbdd5679436f37982f529e145b850
Size: 747KB
MD5: 12b911184764baa27081730190bdd5cb
SHA1: b970084dc098414c802cad7b9556ecd2be17c9d9
SHA256: 17f3991f2e7399c32f1934ebe8bdc83825ddbdd5679436f37982f529e145b850
SHA512: 06da4d28788683678ef2eedd336fdbf303c2f053b4e899f2d747f5d0015bc4b1040522a67d64af4231b36eb0b342e4828aa9c2b6477c4e6c59d7a9c2fd76676c
SSDEEP: 12288:Dpahc5Zd5nIM10FnfotBvNxBxO23Pok0xaVY/5hkdHgWd+NIMQv8aD/sJ:DZZd5nIMGpsNxua0x5QFR+b
Score: 10/10

Signatures

AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.

Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext