General
Target: Balance payment made.exe
Size: 332KB
Sample: 240403-pbhqdach7w
MD5: 719c42cc090147553a6c1579c91b4789
SHA1: f3fea4df3bc34e90501a5b9c413a62184f67ff4f
SHA256: c0f96896bb7e168d46975892f9bafc3358fc769568969ee421e7a0dd51ed899a
SHA512: b1baa052046a238aede67262d716effd5d95fc5c4de9e241a26f31e4a80ce80e50e5d31d40677a817145e52b5418e7a0e992cfd706ce0c17851624f066de94b4
SSDEEP: 6144:x5wdIQrN5LW7fl1FtNLscgZwsKQs67yqcJu8eZA4uDT3+dhB:PwmwxW7d1hvgZwXQs6+M8UAjDS
Static task: static1
Behavioral task: behavioral1
  Sample: Balance payment made.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: Balance payment made.exe
  Resource: win10v2004-20240226-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: mail.etiprim.com
  Port: 587
  Username: [email protected]
  Password: ETP@habiballah2023
  Email To: [email protected]
Extracted
  Protocol: smtp
  Host: mail.etiprim.com
  Port: 587
  Username: [email protected]
  Password: ETP@habiballah2023
Targets
Target: Balance payment made.exe
Size: 332KB
MD5: 719c42cc090147553a6c1579c91b4789
SHA1: f3fea4df3bc34e90501a5b9c413a62184f67ff4f
SHA256: c0f96896bb7e168d46975892f9bafc3358fc769568969ee421e7a0dd51ed899a
SHA512: b1baa052046a238aede67262d716effd5d95fc5c4de9e241a26f31e4a80ce80e50e5d31d40677a817145e52b5418e7a0e992cfd706ce0c17851624f066de94b4
SSDEEP: 6144:x5wdIQrN5LW7fl1FtNLscgZwsKQs67yqcJu8eZA4uDT3+dhB:PwmwxW7d1hvgZwXQs6+M8UAjDS
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext