General
- Target: 1fb88a4ae16628d60484b3d36d213cb546a52f407f3b4d2fc2c846194011f719
- Size: 234KB
- Sample: 240408-bhd4wacb4v
- MD5: 6ca0e4f2cd83a062cff2abd0e2f4a6fa
- SHA1: db46bfad524966aeebd9a1e1e3d921c4ade17044
- SHA256: 1fb88a4ae16628d60484b3d36d213cb546a52f407f3b4d2fc2c846194011f719
- SHA512: 163bfc356b7aea639d43c2e4ac3b06441170721f464a8c8e6e6e328ce78bb3ccfb6af1ef5a7157e683c8e2deb626dfd0da194f7d6a11939b98f1e2b44fc7b562
- SSDEEP: 3072:xDZGyuymF5J4/uabbICF4f7skwg6Ck852c12d/:xDZGyuym/J4/uabbICFMsV9A1y
Behavioral task: behavioral1
- Sample: 1fb88a4ae16628d60484b3d36d213cb546a52f407f3b4d2fc2c846194011f719.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 1fb88a4ae16628d60484b3d36d213cb546a52f407f3b4d2fc2c846194011f719.exe
- Resource: win10v2004-20240226-en
Malware Config
Extracted
agenttesla
- Protocol: smtp
- Host: mail.etiprim.com
- Port: 587
- Username: [email protected]
- Password: ETP@habiballah2023
- Email To: [email protected]
Extracted
- Protocol: smtp
- Host: mail.etiprim.com
- Port: 587
- Username: [email protected]
- Password: ETP@habiballah2023
Targets
- Target: 1fb88a4ae16628d60484b3d36d213cb546a52f407f3b4d2fc2c846194011f719
Score: 10/10
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.