General
- Target: ffdd8588a4da494a7070a25347917227efc01fe55a6bb38d693dd1307893264e
- Size: 757KB
- Sample: 240328-bpjb6sce41
- MD5: c171e05a7a1323d4e061dda993ce0351
- SHA1: 30d1f81d95b850248c6a891f724769d45448047c
- SHA256: ffdd8588a4da494a7070a25347917227efc01fe55a6bb38d693dd1307893264e
- SHA512: 3d35a27211e4404a1da8a1c0b07183df8f5096f2f4ca0211f6544ec1c148abdec47acba7bb75087dd663d80540bd89ea1658c86b290c32fca60a01c5de0dfb32
- SSDEEP: 12288:Kd1JsJ6S0d1Sh2iNwC8kpSm0uZ68dhIan5rNnz4pcOVTNpmj28ZE5y1Ig4F54KGm:Kdjw1G3kpyuZXHVBuWj2kgCIgw2PwDrz
Static task
- static1

Behavioral task
- behavioral1
- Sample: ffdd8588a4da494a7070a25347917227efc01fe55a6bb38d693dd1307893264e.exe
- Resource: win7-20240221-en

Behavioral task
- behavioral2
- Sample: ffdd8588a4da494a7070a25347917227efc01fe55a6bb38d693dd1307893264e.exe
- Resource: win10v2004-20240226-en
Malware Config

Extracted (agenttesla)
- Protocol: smtp
- Host: mail.scgpl.in
- Port: 587
- Username: [email protected]
- Password: $Hetvishwa5271@djd
- Email To: [email protected]

Extracted
- Protocol: smtp
- Host: mail.scgpl.in
- Port: 587
- Username: [email protected]
- Password: $Hetvishwa5271@djd
Targets
- Target: ffdd8588a4da494a7070a25347917227efc01fe55a6bb38d693dd1307893264e
Score: 10/10

- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext