General
Target: 8fc5983522a6e3300574f6890d02a51c7da7143dcff9d00adfabefb9edc20fb8
Size: 750KB
Sample: 240417-rxd1esdf7x
MD5: f00efa618af9535800131867973acae0
SHA1: 5f761d93ccd868ee2eb5cd3a0d4d547266c0f2a8
SHA256: 8fc5983522a6e3300574f6890d02a51c7da7143dcff9d00adfabefb9edc20fb8
SHA512: 41fe04f3b9cfa25ef00d64dc6db2322449445902860cb0ea0470a744ce8686b57ae2e0d227b9b6890f0e486434f44f7b7ff59ce23112211518a39c6cf9bfc5e1
SSDEEP: 12288:istNCWdH0Pld6EMJc/TeiNsn+T9zeZYLdCh2sQFDQ5akT6yDtCLjGL5UHW2iRDfs:ptUWmzgcNNW8AOLdCh2saQ5akT7GCiHT
Static task: static1
Behavioral task: behavioral1
  Sample: d8286c3d02b19e69b2b8520eff324fa516dfb49320450e3858c3570871bb78ae.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: d8286c3d02b19e69b2b8520eff324fa516dfb49320450e3858c3570871bb78ae.exe
  Resource: win10v2004-20240412-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.epressong.com
Port: 587
Username: [email protected]
Password: hkZsJ$e2
Email To: [email protected]
Targets
Target: d8286c3d02b19e69b2b8520eff324fa516dfb49320450e3858c3570871bb78ae.exe
Size: 781KB
MD5: 5b43ef2d931de1993c4248bf399c1fd8
SHA1: ed608317e496b4518c80bd4cd57c8172df8cd484
SHA256: d8286c3d02b19e69b2b8520eff324fa516dfb49320450e3858c3570871bb78ae
SHA512: a4d31809ed1f3abc4df4f840bf6bb884470badbd00b37666536bf68c33e9cf24a712dda9e0530625256b488f69fcc381338f705d4306cbf6a5ddadc145ecd2af
SSDEEP: 24576:yV68yq0N46w9Bk+pO4rhiRsUVI6AMH9cx:yVsqCiDpHQR10MH
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext