General
Target: 35c7353637d81c7e2e83fabdf36681ef6f30f24022cc0fbdc60905da017d051e
Size: 238KB
Sample: 240328-cabt8aae42
MD5: 04d87a5fe09c880690bf811f621635b2
SHA1: 19a461f69ad550175207f861e7ed43d6bc41e784
SHA256: 35c7353637d81c7e2e83fabdf36681ef6f30f24022cc0fbdc60905da017d051e
SHA512: 148f62a76b35ec59fd329d8a621eade1bfd96a3e7fcb55d57aa3dba9add4b589518bd33e947658fb3f9ec0306cf545579a25863c86d4a2557d3479b9f4e3dc78
SSDEEP: 3072:G3dRQgo4Q4BWRR/WH8iKUvLpCMk56Ye5NVwtc/ZC65:mdRQgo4QGWRVWXN1C9MYVt+
Behavioral task: behavioral1
Sample: 35c7353637d81c7e2e83fabdf36681ef6f30f24022cc0fbdc60905da017d051e.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 35c7353637d81c7e2e83fabdf36681ef6f30f24022cc0fbdc60905da017d051e.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: terminal4.veeblehosting.com
Port: 587
Username: appostle@gomuga.com
Password: Ifeanyi1987@
Email To: deepocket@eleven-end-sun.com
Targets
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.