General
  Target: c93862066670d022b71313fec54babbb.bin
  Size: 623KB
  Sample: 240425-cnlatadd97
  MD5: 46e504ee72b8839aa9eb509f12ad3320
  SHA1: ae7176c5dd93bc199f7248bffcaf138d7bd3b34a
  SHA256: 7ac0d2738d4482469e78111ac06f25ea3ae448aa978bccfe7819cabb65694bb1
  SHA512: ab39170178822eaa6cae9079cbb42192a756d7267bad862af9bdabfc40929e32dd52ac998b388b97ae1e4ea2161170e72b59a657fb984f3163e5225ae8d66316
  SSDEEP: 12288:GPdhk0sOZ+wm9h5k/lfeh0z7fllObgnFFpupvJ6qRlIYCnxNK00kv30WR/:gps/nclu+l4Q/pWv/8YaNKjkf7R/
Static task: static1
Behavioral task: behavioral1
  Sample: Bank slip.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: Bank slip.exe
  Resource: win10v2004-20240412-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: mail.alkuwaiti.com
  Port: 587
  Username: [email protected]
  Password: Ele@1804
  Email To: [email protected]
Extracted
  Protocol: smtp
  Host: mail.alkuwaiti.com
  Port: 587
  Username: [email protected]
  Password: Ele@1804
Targets
  Target: Bank slip.exe
  Size: 643KB
  MD5: 83d5996cdae805e2caaea0c087163700
  SHA1: 2b69f4a9e66cb932f695fc0b004c81d34f3684d5
  SHA256: ca444d4c1eac0d3464e99f59a3391aa587572814d5fbecfe1d02ac9bf84606e8
  SHA512: c879cefa653c5abacaad7cd4ff49a61322b613db888cf21c37f343f2a2f8d31c79e2ee7cc33255eaef3030b63d530fc8deb08c57d1cab16e72206093ff01a9ed
  SSDEEP: 12288:TSWPxnsANqcSezgcDlgGZ9d5bzNmBorZpOaAXmne+Sdq2A2cWjoI9:fsWyytDl/bd5biorPAWnrSdOrA
  Score: 10/10
AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext