General
- Target: d0e363251065819bba5b54ef16384625c71d6c4987d365311f2bf8482d7e6a48
- Size: 1009KB
- Sample: 240425-dsymdaee7y
- MD5: eb7b0c89edd8b09ac41f57222fa613a4
- SHA1: cd783d1a4be8504d893a00a6f96063b5605d4d50
- SHA256: d0e363251065819bba5b54ef16384625c71d6c4987d365311f2bf8482d7e6a48
- SHA512: 8db0e9b4409763019ae04418d0a626642e05d3fad41b7499536c2810abf402c872dfea2456395a776649ff79b6153065459f1402ff977fb2ea3e16744a2d807b
- SSDEEP: 24576:CAHnh+eWsN3skA4RV1Hom2KXMmHaaAQWrqbZ5:Fh+ZkldoPK8YaaLx
Static task: static1
Behavioral task: behavioral1
- Sample: d0e363251065819bba5b54ef16384625c71d6c4987d365311f2bf8482d7e6a48.exe
- Resource: win7-20231129-en
Behavioral task: behavioral2
- Sample: d0e363251065819bba5b54ef16384625c71d6c4987d365311f2bf8482d7e6a48.exe
- Resource: win10v2004-20240412-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.controlfire.com.mx
- Port: 587
- Username: [email protected]
- Password: [;E4nNUMlscW
- Email To: [email protected]
Targets
- Target: d0e363251065819bba5b54ef16384625c71d6c4987d365311f2bf8482d7e6a48
- Score: 10/10
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext