General
-
Target
83b5f3c1326831ab20c2d8114e4c324e.exe
-
Size
646KB
-
Sample
240329-mjs5zaeg9w
-
MD5
83b5f3c1326831ab20c2d8114e4c324e
-
SHA1
5d0e55293b342f849f2a4a5e71174af52559a466
-
SHA256
29b71c3a7f3ae4017bd2e71cee4e9fbecfe5c7693ef30b5c541d27edc3d425b8
-
SHA512
2148ac63bdafa9eda5c2e11ae97d7bde1930142d93b3b38dde16d09059ff9ce8d51c387928f4a16243c1e85050c327c79e6e49a5c79efb303bbdc8e67d5cbb66
-
SSDEEP
12288:i2WIm0FEUjrw3i/03o7BcD1Q38vYWYNwmDSOaqaJez7bKaNoVsnjBf/LT3pCj:i2W70F7jL03GcDyeYjwqSOvaJezaaNsF
Static task
static1
Behavioral task
behavioral1
Sample
83b5f3c1326831ab20c2d8114e4c324e.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
83b5f3c1326831ab20c2d8114e4c324e.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted (agenttesla)
Protocol: smtp
Host: mail.gosportz.in
Port: 587
Username: [email protected]
Password: Ss@gosportz
Email To: [email protected]
Extracted (agenttesla)
Protocol: smtp
Host: mail.gosportz.in
Port: 587
Username: [email protected]
Password: Ss@gosportz
These are the SMTP credentials the sample authenticates with to mail out stolen data; treat the host, the sending account and the recipient address as exfiltration IOCs rather than as victim accounts.
Targets
-
-
Target
83b5f3c1326831ab20c2d8114e4c324e.exe
Score: 10/10
-
AgentTesla
Agent Tesla is a .NET (Visual Basic .NET / C#) remote access tool (RAT) and information stealer; the extracted config above shows this sample exfiltrating over SMTP.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP, typically so the address can be included in the exfiltrated report.
-
Suspicious use of SetThreadContext
SetThreadContext on a suspended thread of a newly created process is the usual last step of process hollowing (RunPE): the injected payload's entry point is written into the thread context before the thread is resumed, so the signature should be read together with the process-creation events from the same run.
-
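As an added detection example (not code from this report or from the sandbox), the script below correlates the two behaviours the signatures flag: an external-IP lookup followed shortly by outbound SMTP on port 587 to the exfiltration host extracted from the config (mail.gosportz.in). The log layout (simplified, tab-separated HTTP and connection records with the destination already resolved to a hostname), the list of IP-lookup services and the sample log lines are all constructed for the example and are not from the report.

```python
# Added example, not part of the original sandbox report.
# Correlates the two behaviours the report flags (external-IP lookup, then
# outbound SMTP to the extracted exfiltration host) over constructed,
# simplified log lines. Log layout and the lookup-service list are assumptions.
from collections import defaultdict

# Exfiltration endpoint taken from the extracted AgentTesla config above.
C2_HOST = "mail.gosportz.in"
C2_PORT = 587

# Public IP-lookup services often contacted by stealers (assumed list).
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "ip-api.com", "icanhazip.com"}

# Constructed sample logs (tab separated); not real traffic.
# http log: ts  src_ip  http_host
HTTP_LOG = """\
1711700000.1\t10.0.0.5\tapi.ipify.org
1711700010.0\t10.0.0.7\twww.example.com
1711699700.0\t10.0.0.9\tip-api.com
"""
# conn log: ts  src_ip  dst_host  dst_port  (dst_host resolved via DNS/SNI)
CONN_LOG = """\
1711700001.5\t10.0.0.5\tmail.gosportz.in\t587
1711700100.0\t10.0.0.7\tmail.corp.example\t587
1711700150.0\t10.0.0.9\tmail.gosportz.in\t587
"""


def parse_tsv(text, fields):
    """Parse tab-separated lines into dicts keyed by `fields`; blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split("\t")
        if len(parts) != len(fields):
            raise ValueError(f"malformed line: {line!r}")
        rows.append(dict(zip(fields, parts)))
    return rows


def find_exfil(http_log=HTTP_LOG, conn_log=CONN_LOG, window=300.0):
    """Return one alert per SMTP connection to the C2 host.

    Severity is 'high' when the same source contacted an IP-lookup service
    within `window` seconds before the connection (the AgentTesla pattern),
    otherwise 'medium' (C2 contact without the preceding lookup).
    """
    lookups = defaultdict(list)
    for r in parse_tsv(http_log, ("ts", "src", "host")):
        if r["host"] in IP_LOOKUP_HOSTS:
            lookups[r["src"]].append(float(r["ts"]))

    alerts = []
    for r in parse_tsv(conn_log, ("ts", "src", "dst_host", "dst_port")):
        if r["dst_host"] != C2_HOST or int(r["dst_port"]) != C2_PORT:
            continue
        ts = float(r["ts"])
        prior = [t for t in lookups[r["src"]] if 0 <= ts - t <= window]
        alerts.append({
            "src": r["src"],
            "ts": ts,
            "severity": "high" if prior else "medium",
            "lookup_ts": max(prior) if prior else None,
        })
    return alerts


if __name__ == "__main__":
    for alert in find_exfil():
        print(alert)
```

With the constructed logs, 10.0.0.5 is flagged high (lookup 1.4 s before the SMTP session), 10.0.0.9 only medium because its lookup falls outside the 300 s window, and 10.0.0.7 is not flagged since it talks to a corporate mail server. In production the same logic would read Zeek http.log and conn.log joined with dns.log or ssl.log for the hostname, and the C2 host and port would come from the extracted config feed rather than being hard-coded.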