General
Target: 45ae25b79bd1ffc9fb913519488fe0fa613f31dc04750e5521c4832a41a80800.exe
Size: 235KB
Sample: 240403-p6xssadd3w
MD5: 0cfbc5b7bd2d6d28473bb2a1e940c7b3
SHA1: 3e0a7a3d10d1a8fa4bf68862b9534a1caf24d4f1
SHA256: 45ae25b79bd1ffc9fb913519488fe0fa613f31dc04750e5521c4832a41a80800
SHA512: 2a3e6afefbf4dba374d4af649b2d6fb999a0e2bbde52f1a8444588e118d9a216f803a8da339d7309512170bd97016c774557f0efbaaf4c29845ee6802d1ce1e3
SSDEEP: 3072:J4tjLxLLTjbt8S/rDZKq4Ta9WviSHIv5MZucYBV:J4xxLLTjbt8S/3rWUyiSomun

Behavioral task: behavioral1
Sample: 45ae25b79bd1ffc9fb913519488fe0fa613f31dc04750e5521c4832a41a80800.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 45ae25b79bd1ffc9fb913519488fe0fa613f31dc04750e5521c4832a41a80800.exe
Resource: win10v2004-20240226-en

Malware Config

Extracted
agenttesla
Protocol: smtp
Host: mail.somaaviation.co.tz
Port: 587
Username: [email protected]
Password: Dogbuddy1234#
Email To: [email protected]

Extracted
Protocol: smtp
Host: mail.somaaviation.co.tz
Port: 587
Username: [email protected]
Password: Dogbuddy1234#

Targets
Score: 10/10

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.