General
-
Target
7a780f84c6ea95f95b98d687ff1b7e4429c959b45d662d9a3622335cfc28f334
-
Size
1014KB
-
Sample
240425-cnsd5add98
-
MD5
3ef7b313327f8135085cc2576fd6ae48
-
SHA1
4d36acaabc5285e4c4d8b168a24780cad5101022
-
SHA256
7a780f84c6ea95f95b98d687ff1b7e4429c959b45d662d9a3622335cfc28f334
-
SHA512
675ebf1f9b4fcb938ccf31b04b33b57c2c0a041d7b31792226366ec654ecf59dd475116a37204ce8b9f1b474d7603fd7e4e0bd135bddcfcc83a19c676a416ab6
-
SSDEEP
24576:LAHnh+eWsN3skA4RV1Hom2KXcmtcBhqovxJZbZppD5:mh+ZkldoPKsacBQo7ZbZ5
Static task
static1
Behavioral task
behavioral1
Sample
7a780f84c6ea95f95b98d687ff1b7e4429c959b45d662d9a3622335cfc28f334.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
7a780f84c6ea95f95b98d687ff1b7e4429c959b45d662d9a3622335cfc28f334.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.soosmaquinaria.com - Port:
587 - Username:
[email protected] - Password:
GHjfDse3. - Email To:
[email protected]
Targets
-
-
Target
7a780f84c6ea95f95b98d687ff1b7e4429c959b45d662d9a3622335cfc28f334
-
Size
1014KB
-
MD5
3ef7b313327f8135085cc2576fd6ae48
-
SHA1
4d36acaabc5285e4c4d8b168a24780cad5101022
-
SHA256
7a780f84c6ea95f95b98d687ff1b7e4429c959b45d662d9a3622335cfc28f334
-
SHA512
675ebf1f9b4fcb938ccf31b04b33b57c2c0a041d7b31792226366ec654ecf59dd475116a37204ce8b9f1b474d7603fd7e4e0bd135bddcfcc83a19c676a416ab6
-
SSDEEP
24576:LAHnh+eWsN3skA4RV1Hom2KXcmtcBhqovxJZbZppD5:mh+ZkldoPKsacBQo7ZbZ5
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-