General
- Target: 8c00c076e72e443dfcf12ef47980c196b3333fcc710796ff55312cebf9a36b10
- Size: 573KB
- Sample: 240425-b9evgsdd2t
- MD5: 4a3d4751d1940b8cfa1f7b27fea33743
- SHA1: 53377dc4e1f2b7d2c8c656b3267af518d12c954a
- SHA256: 8c00c076e72e443dfcf12ef47980c196b3333fcc710796ff55312cebf9a36b10
- SHA512: bd587d6006e32b7e0605313e711024092a7053fa6a5a741eb8354b6e4f5eccbbad861bb6fecf25e6b9c0cc8985305330b2e1863483c4b932af84c14e978164f7
- SSDEEP: 12288:bsHzOUNUSB/o5LsI1uwajJ5yvv1l2vnJW/PZCQeBio5NSla:KiUmSB/o5d1ubcvk4/jJiNQa
Behavioral task
- behavioral1
- Sample: 8c00c076e72e443dfcf12ef47980c196b3333fcc710796ff55312cebf9a36b10.exe
- Resource: win7-20240220-en
Malware Config
Extracted
- Protocol: smtp
- Host: mail.aquareklam.com
- Port: 587
- Username: [email protected]
- Password: Aqua1923
Extracted (agenttesla)
- Protocol: smtp
- Host: mail.aquareklam.com
- Port: 587
- Username: [email protected]
- Password: Aqua1923
- Email To: [email protected]
Targets
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext