General
Target: ff42f562e1550d08fb40f97c3a1c1090d9591c11f8880b4c377af9d156a1238f
Size: 701KB
Sample: 240330-bzbebaeh64
MD5: b5745905bf693ebff7266b73a56a9544
SHA1: 50c572e586d0e144e1468c771de075236880a8c8
SHA256: ff42f562e1550d08fb40f97c3a1c1090d9591c11f8880b4c377af9d156a1238f
SHA512: 149a66a2aab4024b5d661b721e3211612b98cf2fa5d3c7b1be00ab5de603b0b5dc1039256c3cf9ed74fb404e136cc31140c6c8e081b0194ca0710ece35cff42a
SSDEEP: 12288:qbLK1vdVzr4y92mTpAdP3x5pw7JrxS/n+H61g+z9APRbwrD12F+bIkR:Yi1VnRPTuPvpwNs/o61g/u3nbf
Static task: static1
Behavioral task: behavioral1
  Sample: ff42f562e1550d08fb40f97c3a1c1090d9591c11f8880b4c377af9d156a1238f.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: ff42f562e1550d08fb40f97c3a1c1090d9591c11f8880b4c377af9d156a1238f.exe
  Resource: win10v2004-20240226-en
Malware Config
Extracted
  Protocol: smtp
  Host: mail.almadeenabakery.com
  Port: 587
  Username: [email protected]
  Password: a123a123
Extracted
  agenttesla
  Protocol: smtp
  Host: mail.almadeenabakery.com
  Port: 587
  Username: [email protected]
  Password: a123a123
  Email To: [email protected]
Targets
Target: ff42f562e1550d08fb40f97c3a1c1090d9591c11f8880b4c377af9d156a1238f
Size: 701KB
MD5: b5745905bf693ebff7266b73a56a9544
SHA1: 50c572e586d0e144e1468c771de075236880a8c8
SHA256: ff42f562e1550d08fb40f97c3a1c1090d9591c11f8880b4c377af9d156a1238f
SHA512: 149a66a2aab4024b5d661b721e3211612b98cf2fa5d3c7b1be00ab5de603b0b5dc1039256c3cf9ed74fb404e136cc31140c6c8e081b0194ca0710ece35cff42a
SSDEEP: 12288:qbLK1vdVzr4y92mTpAdP3x5pw7JrxS/n+H61g+z9APRbwrD12F+bIkR:Yi1VnRPTuPvpwNs/o61g/u3nbf
Score: 10/10
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext