General
-
Target
9279e4de2ad8ee48cd5ff9e4a8594632d086e9081f7053d02ea9a79695cf70e7
-
Size
844KB
-
Sample
240425-b7beaadc5x
-
MD5
aaed7ca997aff4e271ac28b540adeca8
-
SHA1
8c0dc1edf0f1f74fe21f2ee1b0f7dc6ae3809317
-
SHA256
9279e4de2ad8ee48cd5ff9e4a8594632d086e9081f7053d02ea9a79695cf70e7
-
SHA512
a049e9a535aee6a7a37cf8b90e8f55096b7fd2b6e2758078d2762ebc6132032c319b81f20c0bc548559ecf1de2c27ad336146f1bf8067d067a8227f123002ab9
-
SSDEEP
12288:ZGIwGs0SpmBwGXjdX32ogZ+g/yHkZeQzrjKEddyDZNdgc+WU:oXGs0SpmB3XZnMZ4yz/dwDDdg
Static task
static1
Behavioral task
behavioral1
Sample
9279e4de2ad8ee48cd5ff9e4a8594632d086e9081f7053d02ea9a79695cf70e7.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
9279e4de2ad8ee48cd5ff9e4a8594632d086e9081f7053d02ea9a79695cf70e7.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
cphost09.qhoster.net - Port:
587 - Username:
[email protected] - Password:
[email protected] - Email To:
[email protected]
Extracted
Protocol: smtp- Host:
cphost09.qhoster.net - Port:
587 - Username:
[email protected] - Password:
[email protected]
Targets
-
-
Target
9279e4de2ad8ee48cd5ff9e4a8594632d086e9081f7053d02ea9a79695cf70e7
-
Size
844KB
-
MD5
aaed7ca997aff4e271ac28b540adeca8
-
SHA1
8c0dc1edf0f1f74fe21f2ee1b0f7dc6ae3809317
-
SHA256
9279e4de2ad8ee48cd5ff9e4a8594632d086e9081f7053d02ea9a79695cf70e7
-
SHA512
a049e9a535aee6a7a37cf8b90e8f55096b7fd2b6e2758078d2762ebc6132032c319b81f20c0bc548559ecf1de2c27ad336146f1bf8067d067a8227f123002ab9
-
SSDEEP
12288:ZGIwGs0SpmBwGXjdX32ogZ+g/yHkZeQzrjKEddyDZNdgc+WU:oXGs0SpmB3XZnMZ4yz/dwDDdg
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-