General
- Target: c38a9cad8f02a27d964e29ef99443b799d1c4b18ea7469ac2074f63ad0a08944
- Size: 1.2MB
- Sample: 240330-by65laeb3w
- MD5: 81850f362317b5665dff2ad6d0399b9a
- SHA1: f55321c16db7f9d29ae428736f14b30b6a376109
- SHA256: c38a9cad8f02a27d964e29ef99443b799d1c4b18ea7469ac2074f63ad0a08944
- SHA512: 37d158066807b6418e8fa773f9405d69fef4ab4617e506a6a8e7f79f056cd89719c94635991ce3b1296102a7fa1ac35ed90690e7c19e2d1c696a9678bcef3eef
- SSDEEP: 12288:aJLK1uOvHlmy5avPrKNItnlKaAzMvWTBr23Ca672ATr+0mB40ekrGkN:kiuOvHlEvKaAzMp3lhyNgN
Static task: static1
Behavioral task: behavioral1
- Sample: Insurance.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: Insurance.exe
- Resource: win10v2004-20231215-en
Malware Config
Extracted
- Protocol: smtp
- Host: mail.scootero.cl
- Port: 587
- Username: [email protected]
- Password: Dangote1235$
Extracted (family: agenttesla)
- Protocol: smtp
- Host: mail.scootero.cl
- Port: 587
- Username: [email protected]
- Password: Dangote1235$
- Email To: [email protected]
Targets
- Target: Insurance.exe
- Size: 696KB
- MD5: 9709d3c902365229f471d4215530b41b
- SHA1: d8b1aa835841176e9406f4689b4963a7fbaae403
- SHA256: 78891b586defb8b94d0bfbe543a2b1d86d79306a371b40fe294c8119aadbac6f
- SHA512: 0d3275f0aaeaf0cd53fe0deecef29204fe39d74e7e2b75fd9ba07e302d0871155433e9501672aa0648e3b14c5cf63e5d0162443849886bd0c68ded6e3a2b9fdc
- SSDEEP: 12288:RJLK1uOvHlmy5avPrKNItnlKaAzMvWTBr23Ca672ATr+0mB40ekrGkN:niuOvHlEvKaAzMp3lhyNgN
Score: 10/10
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext