General
-
Target
8c979ff2fa6eab53a6e439f0c8d4b4a90d4d430fa1d2717fe58be2a9f08ed90d.exe
-
Size
234KB
-
Sample
240403-p6x4jsdd3y
-
MD5
683d0fd45061453aed291d68ec1e933f
-
SHA1
3e4e397bf8e5b960dfaa44572ba921a5ff31460c
-
SHA256
8c979ff2fa6eab53a6e439f0c8d4b4a90d4d430fa1d2717fe58be2a9f08ed90d
-
SHA512
1f2bfd5c9cc0bfe4ad9149bb2d79235ea080c13cb8bb10fa0b0e44c33026dc09adc5a5946f3d7f19c93d00f088857ae8a9f4fb5fa7b747a40ceebee3d6810750
-
SSDEEP
3072:09nyuyGCdhHnUb32SBJeK/7SNKTgvgJpr6A5heWFCV:09nyuyGCdhHUb3DBEK/H63WQ
Behavioral task
behavioral1
Sample
8c979ff2fa6eab53a6e439f0c8d4b4a90d4d430fa1d2717fe58be2a9f08ed90d.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
8c979ff2fa6eab53a6e439f0c8d4b4a90d4d430fa1d2717fe58be2a9f08ed90d.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
nl9.nlkoddos.com - Port:
587 - Username:
[email protected] - Password:
Myname321@ - Email To:
[email protected]
Extracted
Protocol: smtp- Host:
nl9.nlkoddos.com - Port:
587 - Username:
[email protected] - Password:
Myname321@
Targets
-
-
Target
8c979ff2fa6eab53a6e439f0c8d4b4a90d4d430fa1d2717fe58be2a9f08ed90d.exe
-
Size
234KB
-
MD5
683d0fd45061453aed291d68ec1e933f
-
SHA1
3e4e397bf8e5b960dfaa44572ba921a5ff31460c
-
SHA256
8c979ff2fa6eab53a6e439f0c8d4b4a90d4d430fa1d2717fe58be2a9f08ed90d
-
SHA512
1f2bfd5c9cc0bfe4ad9149bb2d79235ea080c13cb8bb10fa0b0e44c33026dc09adc5a5946f3d7f19c93d00f088857ae8a9f4fb5fa7b747a40ceebee3d6810750
-
SSDEEP
3072:09nyuyGCdhHnUb32SBJeK/7SNKTgvgJpr6A5heWFCV:09nyuyGCdhHUb3DBEK/H63WQ
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-