General
Target: Order 00958867.zip
Size: 592KB
Sample: 240424-q9qdjsbb7x
MD5: 487b6c00168691d9298f61dbc2af8a6c
SHA1: 743a7ede3d69aad1f7c6636e06bcd928ab4b1a5e
SHA256: c9690c685db15bbd40081c1e8f77ef2da09c56e7c4667f13fcbfa05a2b416abd
SHA512: f43562e813af5a229383e744fe99aa9b34c9ccc172bb47e5fc2fef1445f2e504c890869f1c1b97f6e7e3f786832def0ffeb1ae6425e66629f5474010354c5a92
SSDEEP: 12288:oObT/zcJZnqsRzcp1wq3RO6N5IJWA5AuaLBXb4z/:os/cHU1ThuJcuqBM/
Static task: static1
Behavioral task: behavioral1
Sample: Order 00958867.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: Order 00958867.exe
Resource: win10v2004-20240412-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.italiacanda-it.com
Port: 587
Username: [email protected]
Password: dsrociz1
Email To: [email protected]
Targets
Target: Order 00958867.exe
Size: 1015KB
MD5: 3c0c2eecbe5928812b19a173aa664273
SHA1: 1a8d159220bc28bea1713bfbfae6f70a03681a75
SHA256: a1fab4b8e0b4624d3da9a0b89ac2f3c4ad564ff921e5ee4cff567fc986da48cb
SHA512: 64c4075005ade33d769f076ee14a9b77d92eeb32b31fb0d37c57fffe83c23ddc343a6a4b9ee63d48d8b25c8378436c2cf299503efb6f450a48d33cfe6bf04f84
SSDEEP: 24576:aAHnh+eWsN3skA4RV1Hom2KXMmHajVWuOBc0gX5:th+ZkldoPK8YajYc0c
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext