General
- Target: 39ddee34e0fff6d1bd94e33e874b035b06f037e12eb7f1e9a4f9ea9baafdd292
- Size: 744KB
- Sample: 240328-br7sjsce81
- MD5: 6e094079b963390ca476d5735d8d2c21
- SHA1: 41b3089b77841f049d0c090fee62927c71d30326
- SHA256: 39ddee34e0fff6d1bd94e33e874b035b06f037e12eb7f1e9a4f9ea9baafdd292
- SHA512: 2ef897019b77b6e302038e1e1b884aab1f95d7a19ef39924d55e18d3570468b209276ec342393e8250db7cd530e4778f26e4a1232eb4fc603bfda8587bb85ad6
- SSDEEP: 12288:Fd1JsJ6SOF1Sh2iNwzW+T9s3YK723POalXBv5uFZJvrsOucDxu5jfP93F/1PcEa6:Fdxw1GzW+Ty3323PN7v5+vgjH9VNEELo
Static task: static1
Behavioral task: behavioral1
- Sample: 39ddee34e0fff6d1bd94e33e874b035b06f037e12eb7f1e9a4f9ea9baafdd292.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 39ddee34e0fff6d1bd94e33e874b035b06f037e12eb7f1e9a4f9ea9baafdd292.exe
- Resource: win10v2004-20240226-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.sencan.com.tr
- Port: 587
- Username: [email protected]
- Password: sencan3458!!
- Email To: [email protected]
Extracted
- Protocol: smtp
- Host: mail.sencan.com.tr
- Port: 587
- Username: [email protected]
- Password: sencan3458!!
Targets
- Target: 39ddee34e0fff6d1bd94e33e874b035b06f037e12eb7f1e9a4f9ea9baafdd292
- Size: 744KB
- MD5: 6e094079b963390ca476d5735d8d2c21
- SHA1: 41b3089b77841f049d0c090fee62927c71d30326
- SHA256: 39ddee34e0fff6d1bd94e33e874b035b06f037e12eb7f1e9a4f9ea9baafdd292
- SHA512: 2ef897019b77b6e302038e1e1b884aab1f95d7a19ef39924d55e18d3570468b209276ec342393e8250db7cd530e4778f26e4a1232eb4fc603bfda8587bb85ad6
- SSDEEP: 12288:Fd1JsJ6SOF1Sh2iNwzW+T9s3YK723POalXBv5uFZJvrsOucDxu5jfP93F/1PcEa6:Fdxw1GzW+Ty3323PN7v5+vgjH9VNEELo
Score: 10/10
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext