General
-
Target
479fab7b57408597cff8f148e0b60b20eba710e41ff39c0ac4e7c91eba82c7d3
-
Size
1.6MB
-
Sample
240424-b6nm8adh63
-
MD5
efda49877c101c18879d94db35d4cf73
-
SHA1
6c00519f9ad72aaaef0fd3432ce5d096d6e2a70b
-
SHA256
479fab7b57408597cff8f148e0b60b20eba710e41ff39c0ac4e7c91eba82c7d3
-
SHA512
bec7a1e6a6003337fae4111997e0010b7cf734180995463a585d3f0f9ceab5b03184f6d058b0a1b74bddc66e2fb8e5bb994a1d4624f70f53cf06ac5393b76d6c
-
SSDEEP
24576:WqDEvCTbMWu7rQYlBQcBiT6rphdXplLEavODz1jUaxm9yaDWYEbD:WTvC/MTQYxsWjJplQavODz1jU0YKD
Behavioral task
behavioral1
Sample
479fab7b57408597cff8f148e0b60b20eba710e41ff39c0ac4e7c91eba82c7d3.exe
Resource
win7-20240221-en
Malware Config
Extracted
Protocol: smtp- Host:
mail.microempaquescali.com - Port:
587 - Username:
[email protected] - Password:
@EO$07[XSZw)
Extracted
agenttesla
Protocol: smtp- Host:
mail.microempaquescali.com - Port:
587 - Username:
[email protected] - Password:
@EO$07[XSZw) - Email To:
[email protected]
Targets
-
-
Target
479fab7b57408597cff8f148e0b60b20eba710e41ff39c0ac4e7c91eba82c7d3
-
Size
1.6MB
-
MD5
efda49877c101c18879d94db35d4cf73
-
SHA1
6c00519f9ad72aaaef0fd3432ce5d096d6e2a70b
-
SHA256
479fab7b57408597cff8f148e0b60b20eba710e41ff39c0ac4e7c91eba82c7d3
-
SHA512
bec7a1e6a6003337fae4111997e0010b7cf734180995463a585d3f0f9ceab5b03184f6d058b0a1b74bddc66e2fb8e5bb994a1d4624f70f53cf06ac5393b76d6c
-
SSDEEP
24576:WqDEvCTbMWu7rQYlBQcBiT6rphdXplLEavODz1jUaxm9yaDWYEbD:WTvC/MTQYxsWjJplQavODz1jU0YKD
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-