General
-
Target
c0411ae869eeeaf9bce9b7044dcaa2ed931100da22b133ae85ccad45f7499f54.exe
-
Size
1.1MB
-
Sample
240328-c2vreaah99
-
MD5
ae1fc5e5d9904a18868a4818002896bc
-
SHA1
f020e8d54a7af10140fae53cb42e019513ce0378
-
SHA256
c0411ae869eeeaf9bce9b7044dcaa2ed931100da22b133ae85ccad45f7499f54
-
SHA512
a2158b40a4daea4ff3c198bcf7347c72d44ef38b44631115e58cce64e8f78386d087fa7469458aec5857ffdb0d198816db93e71b74ec83319ce47c0c1b1f68a4
-
SSDEEP
24576:0qDEvCTbMWu7rQYlBQcBiT6rprG8aJYLTAJ5w:0TvC/MTQYxsWR7aJYwJ
Static task
static1
Behavioral task
behavioral1
Sample
c0411ae869eeeaf9bce9b7044dcaa2ed931100da22b133ae85ccad45f7499f54.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
c0411ae869eeeaf9bce9b7044dcaa2ed931100da22b133ae85ccad45f7499f54.exe
Resource
win10v2004-20240319-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.awelleh3.top - Port:
587 - Username:
serverhar233@awelleh3.top - Password:
QcR_(8@AdfHa - Email To:
harry23@awelleh3.top
Extracted
Protocol: smtp- Host:
mail.awelleh3.top - Port:
587 - Username:
serverhar233@awelleh3.top - Password:
QcR_(8@AdfHa
Targets
-
-
Target
c0411ae869eeeaf9bce9b7044dcaa2ed931100da22b133ae85ccad45f7499f54.exe
-
Size
1.1MB
-
MD5
ae1fc5e5d9904a18868a4818002896bc
-
SHA1
f020e8d54a7af10140fae53cb42e019513ce0378
-
SHA256
c0411ae869eeeaf9bce9b7044dcaa2ed931100da22b133ae85ccad45f7499f54
-
SHA512
a2158b40a4daea4ff3c198bcf7347c72d44ef38b44631115e58cce64e8f78386d087fa7469458aec5857ffdb0d198816db93e71b74ec83319ce47c0c1b1f68a4
-
SSDEEP
24576:0qDEvCTbMWu7rQYlBQcBiT6rprG8aJYLTAJ5w:0TvC/MTQYxsWR7aJYwJ
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Detect packed .NET executables. Mostly AgentTeslaV4.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-