General
-
Target
CV Mariana Alvarez.exe
-
Size
670KB
-
Sample
240328-nl92yabc9y
-
MD5
a7b5278a3cb702e9a35e81e9499b02f6
-
SHA1
27e6ea7acc6866cf0b33e74aa0b14c397c207a70
-
SHA256
a04149b5e4fd34db0eb6dbbb815f47a09700cdb6b899e59b9a9771d5cd6f4ff7
-
SHA512
da4efef37a8b66cd37073db159b8c31648501e58ba67c9a64d7c59d82828fb9649ed6d5317ca412a3c5e478f06982e319709128b314a1ab35a8a3cc5179a78b8
-
SSDEEP
12288:li0YOwqgsH+MgpRYV9zNwA7NAY4zr/blj1GVyQ3s2wd0rTCbBUEBGl:YO7beMkOla3Rcl3yC2bBUE4
Static task
static1
Behavioral task
behavioral1
Sample
CV Mariana Alvarez.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
CV Mariana Alvarez.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.flying-fish-cn.com
Port: 587
Username: office@flying-fish-cn.com
Password: hkk999@@@
Email To: office@flying-fish-cn.com
Extracted
Protocol: smtp
Host: smtp.flying-fish-cn.com
Port: 587
Username: office@flying-fish-cn.com
Password: hkk999@@@
Targets
-
-
Target
CV Mariana Alvarez.exe
Score
10/10
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-