General

Target: f9f607644cbcd66fdcfaf88eb689ed9d5c5bad4e770ebefbd708d055e288c678.exe
Size: 450KB
Sample: 240403-p7hp9add5w
MD5: c8abfd532a42ea366b12a6589b20e059
SHA1: 1ee4bbea603845555ff876570c252fb2359af5f0
SHA256: f9f607644cbcd66fdcfaf88eb689ed9d5c5bad4e770ebefbd708d055e288c678
SHA512: 9db73ec4a5e268e8b6c78e58e9934bdd01294c763ca80cd86cb4988aa03cbbcd9cb90252ce274d104aa74b14dd64d3b871b7ccbb7065a6e4b96d24d5f435e51e
SSDEEP:
12288:QGOzvLvzFvHJGPN5MP7r9r/+ppppppppppppppppppppppppppppp0G:szvLvzFQk1q
Behavioral task: behavioral1
Sample: f9f607644cbcd66fdcfaf88eb689ed9d5c5bad4e770ebefbd708d055e288c678.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: f9f607644cbcd66fdcfaf88eb689ed9d5c5bad4e770ebefbd708d055e288c678.exe
Resource: win10v2004-20240226-en
Malware Config

Extracted (agenttesla)
Protocol: smtp
Host: mail.medicalhome.com.pe
Port: 587
Username: [email protected]
Password: MHinfo01
Email To: [email protected]

Extracted
Protocol: smtp
Host: mail.medicalhome.com.pe
Port: 587
Username: [email protected]
Password: MHinfo01
Targets

Target: f9f607644cbcd66fdcfaf88eb689ed9d5c5bad4e770ebefbd708d055e288c678.exe
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.