General
Target: 1f0d07d3ff6aabd4309ad988906e870270246b7db49d1b6419512e7e6592289b
Size: 654KB
Sample: 240408-bvewyacg36
MD5: 95a93eaf41976b19792ea78b4d5871b1
SHA1: e7123b11490f1a99745c9a8529c8e4075cffa9ed
SHA256: 1f0d07d3ff6aabd4309ad988906e870270246b7db49d1b6419512e7e6592289b
SHA512: 33a288d409bcb5d88ca05bb34eb98bf9863fabfd1d7e35fe2164ec1da088fedb7d310adee403b53056abba60d2f930783cdb079cc3964f881e8711d40c344083
SSDEEP: 12288:0Ws3/5cKCDMJhMIQBt4pTUnu0E3qc6BRlN4xuiUWoYt83Ok:nwBcJYJhxQs6iPKOrjK3
Static task: static1
Behavioral task: behavioral1
  Sample: 1f0d07d3ff6aabd4309ad988906e870270246b7db49d1b6419512e7e6592289b.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 1f0d07d3ff6aabd4309ad988906e870270246b7db49d1b6419512e7e6592289b.exe
  Resource: win10v2004-20240226-en
Malware Config
Extracted
  Protocol: smtp
  Host: smtp.thanhancompony.com
  Port: 587
  Username: [email protected]
  Password: aSkIhV^3
Extracted (agenttesla)
  Protocol: smtp
  Host: smtp.thanhancompony.com
  Port: 587
  Username: [email protected]
  Password: aSkIhV^3
  Email To: [email protected]
Targets
Target: 1f0d07d3ff6aabd4309ad988906e870270246b7db49d1b6419512e7e6592289b
Size: 654KB
MD5: 95a93eaf41976b19792ea78b4d5871b1
SHA1: e7123b11490f1a99745c9a8529c8e4075cffa9ed
SHA256: 1f0d07d3ff6aabd4309ad988906e870270246b7db49d1b6419512e7e6592289b
SHA512: 33a288d409bcb5d88ca05bb34eb98bf9863fabfd1d7e35fe2164ec1da088fedb7d310adee403b53056abba60d2f930783cdb079cc3964f881e8711d40c344083
SSDEEP: 12288:0Ws3/5cKCDMJhMIQBt4pTUnu0E3qc6BRlN4xuiUWoYt83Ok:nwBcJYJhxQs6iPKOrjK3
Score: 10/10
Signatures:
  AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
  Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
  Suspicious use of SetThreadContext