General
-
Target
d5d50b235ab55ea31684b88d27a02a23765217f3cd2da71cb9a8767ee9e4ed1c
-
Size
816KB
-
Sample
240425-cdqgsadc38
-
MD5
44c6c88229153fb866a7948cfd25f9d1
-
SHA1
acf1f41c2e12d842082181ea7ec42d5158d38403
-
SHA256
d5d50b235ab55ea31684b88d27a02a23765217f3cd2da71cb9a8767ee9e4ed1c
-
SHA512
65bdf66f6c6db5f9505aab451255e9c669bb6d6e5b58e3fd7514c7078c388f285953efa41540c7ea73526d94b5f1ccd77cdea78280dba4d48e5adc63f80870a1
-
SSDEEP
24576:2prDAUwtdgdFfhq/VV1xPR1N9NOhP1yTs:CnwcdFExP3NOh8w
Static task
static1
Behavioral task
behavioral1
Sample
d5d50b235ab55ea31684b88d27a02a23765217f3cd2da71cb9a8767ee9e4ed1c.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
d5d50b235ab55ea31684b88d27a02a23765217f3cd2da71cb9a8767ee9e4ed1c.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.medicalhome.com.pe - Port:
587 - Username:
[email protected] - Password:
MHinfo01 - Email To:
[email protected]
Targets
-
-
Target
d5d50b235ab55ea31684b88d27a02a23765217f3cd2da71cb9a8767ee9e4ed1c
-
Size
816KB
-
MD5
44c6c88229153fb866a7948cfd25f9d1
-
SHA1
acf1f41c2e12d842082181ea7ec42d5158d38403
-
SHA256
d5d50b235ab55ea31684b88d27a02a23765217f3cd2da71cb9a8767ee9e4ed1c
-
SHA512
65bdf66f6c6db5f9505aab451255e9c669bb6d6e5b58e3fd7514c7078c388f285953efa41540c7ea73526d94b5f1ccd77cdea78280dba4d48e5adc63f80870a1
-
SSDEEP
24576:2prDAUwtdgdFfhq/VV1xPR1N9NOhP1yTs:CnwcdFExP3NOh8w
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-