General
Target: 29b71c3a7f3ae4017bd2e71cee4e9fbecfe5c7693ef30b5c541d27edc3d425b8
Size: 646KB
Sample: 240328-q8hmbagh37
MD5: 83b5f3c1326831ab20c2d8114e4c324e
SHA1: 5d0e55293b342f849f2a4a5e71174af52559a466
SHA256: 29b71c3a7f3ae4017bd2e71cee4e9fbecfe5c7693ef30b5c541d27edc3d425b8
SHA512: 2148ac63bdafa9eda5c2e11ae97d7bde1930142d93b3b38dde16d09059ff9ce8d51c387928f4a16243c1e85050c327c79e6e49a5c79efb303bbdc8e67d5cbb66
SSDEEP: 12288:i2WIm0FEUjrw3i/03o7BcD1Q38vYWYNwmDSOaqaJez7bKaNoVsnjBf/LT3pCj:i2W70F7jL03GcDyeYjwqSOvaJezaaNsF
Static task: static1
Behavioral task: behavioral1
Sample: 29b71c3a7f3ae4017bd2e71cee4e9fbecfe5c7693ef30b5c541d27edc3d425b8.exe
Resource: win10v2004-20240226-en
Behavioral task: behavioral2
Sample: 29b71c3a7f3ae4017bd2e71cee4e9fbecfe5c7693ef30b5c541d27edc3d425b8.exe
Resource: win11-20240221-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.gosportz.in
Port: 587
Username: sales@gosportz.in
Password: Ss@gosportz
Email To: info.superseal@yandex.com
Targets
Target: 29b71c3a7f3ae4017bd2e71cee4e9fbecfe5c7693ef30b5c541d27edc3d425b8
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext