General
-
Target
f3cc6d8e480b37ed6a8b537fc96e447537321f3edf13d38bf2590e4c1312cf5e
-
Size
803KB
-
Sample
240424-b6pkhsdh66
-
MD5
829eb330a0bf4f36e9fc7170bc2c979d
-
SHA1
f843ab060f72ea51dc60b5e676bb74dfbbd31224
-
SHA256
f3cc6d8e480b37ed6a8b537fc96e447537321f3edf13d38bf2590e4c1312cf5e
-
SHA512
dc3e1c538cf2932154d37b38e683f893a13f403c466922357a3e3ee8b1900955162a1a90b9d3f2514976c4908146ee3062d64e3bb193754eb410132f58f16a40
-
SSDEEP
12288:0T/cWcg3c+0cEuYctcycQSYcPPam4FQh3cRAR380HZD7mFF4aibXhh/GX/TVM1Ui:0T+5D7kF4nhYkcvbZG59cc
Static task
static1
Behavioral task
behavioral1
Sample
f3cc6d8e480b37ed6a8b537fc96e447537321f3edf13d38bf2590e4c1312cf5e.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
f3cc6d8e480b37ed6a8b537fc96e447537321f3edf13d38bf2590e4c1312cf5e.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.ariamobaddel.com - Port:
587 - Username:
[email protected] - Password:
P@ssw0rd1000 - Email To:
[email protected]
Extracted
Protocol: smtp- Host:
mail.ariamobaddel.com - Port:
587 - Username:
[email protected] - Password:
P@ssw0rd1000
Targets
-
-
Target
f3cc6d8e480b37ed6a8b537fc96e447537321f3edf13d38bf2590e4c1312cf5e
-
Size
803KB
-
MD5
829eb330a0bf4f36e9fc7170bc2c979d
-
SHA1
f843ab060f72ea51dc60b5e676bb74dfbbd31224
-
SHA256
f3cc6d8e480b37ed6a8b537fc96e447537321f3edf13d38bf2590e4c1312cf5e
-
SHA512
dc3e1c538cf2932154d37b38e683f893a13f403c466922357a3e3ee8b1900955162a1a90b9d3f2514976c4908146ee3062d64e3bb193754eb410132f58f16a40
-
SSDEEP
12288:0T/cWcg3c+0cEuYctcycQSYcPPam4FQh3cRAR380HZD7mFF4aibXhh/GX/TVM1Ui:0T+5D7kF4nhYkcvbZG59cc
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-