General

Target: 0b9b02462f2da1a90248f678558f6eb3002b1747dd90b1861dc748c8ca9e8b19
Size: 1.0MB
Sample: 240426-b9p1fsha9w
MD5: 84d54dc520dc326bc28707788baadc0b
SHA1: d89337fd80f2fc0f37da390e25c07478b34426c7
SHA256: 0b9b02462f2da1a90248f678558f6eb3002b1747dd90b1861dc748c8ca9e8b19
SHA512: 6e56843cac1ffd8ac5d4395287e8dc9be138c92ee7c4a1a4cb5e4bfcbcc848344d1bdb6145399126f69d9ee0867f5f3fe1e4f11b0328dc22eef299844e9353b1
SSDEEP: 24576:yAHnh+eWsN3skA4RV1Hom2KXMmHati3Gkg9o28+nXJz5:1h+ZkldoPK8YatUGp/BXL
Static task
static1

Behavioral task
behavioral1
Sample: 0b9b02462f2da1a90248f678558f6eb3002b1747dd90b1861dc748c8ca9e8b19.exe
Resource: win7-20240221-en

Behavioral task
behavioral2
Sample: 0b9b02462f2da1a90248f678558f6eb3002b1747dd90b1861dc748c8ca9e8b19.exe
Resource: win10v2004-20240412-en
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: mail.laboratoriosvilla.com.mx
Port: 587
Username: [email protected]
Password: WZ,2pliw#L)D
Email To: [email protected]
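The extracted config above is what a defender actually needs from this report, but the page presents it as one flattened run of "Label: value - Label: value" text. The following Python is an added example written for this page (it is not the sandbox's own extractor or any part of Agent Tesla): it splits that text on the known field labels rather than on the separator, because an SMTP password can itself contain " - ", then derives the indicators to hunt for and emits a Suricata (5+ syntax) DNS rule for the exfil host. RAW_CONFIG is the page's config copied onto one line; "[email protected]" is a redaction placeholder on the page and is kept as-is; the sid is a placeholder from the local range.

```python
import re
from dataclasses import dataclass

# Field labels exactly as they appear in the extracted config on this page.
FIELDS = ("Protocol", "Host", "Port", "Username", "Password", "Email To")

# The report's extracted config as one flattened line (copied from the page).
# "[email protected]" is a redaction placeholder on the page, not a real address.
RAW_CONFIG = (
    "Protocol: smtp- Host: mail.laboratoriosvilla.com.mx - Port: 587 - "
    "Username: [email protected] - Password: WZ,2pliw#L)D - "
    "Email To: [email protected]"
)


@dataclass(frozen=True)
class SmtpExfilConfig:
    protocol: str
    host: str
    port: int
    username: str
    password: str
    email_to: str


def split_flat_config(raw: str) -> dict[str, str]:
    """Split 'Label: value - Label: value' text on the known labels.

    The password may contain any character, including the ' - ' separator,
    so we locate every label and take whatever lies between consecutive
    labels instead of splitting on the separator itself.
    """
    positions = []
    for label in FIELDS:
        idx = raw.find(label + ":")
        if idx == -1:
            raise ValueError(f"config is missing the '{label}' field")
        positions.append((idx, label))
    positions.sort()

    values: dict[str, str] = {}
    bounds = positions + [(len(raw), None)]
    for (start, label), (end, _) in zip(bounds, bounds[1:]):
        value = raw[start + len(label) + 1 : end].strip()
        # Drop exactly one trailing separator hyphen ("smtp-", "587 -") so a
        # value that legitimately ends in '-' keeps its own hyphen.
        values[label] = re.sub(r"\s*-$", "", value)
    return values


def parse_agenttesla_smtp_config(raw: str) -> SmtpExfilConfig:
    v = split_flat_config(raw)
    protocol = v["Protocol"].lower()
    if protocol != "smtp":
        raise ValueError(f"expected an SMTP config, got protocol {protocol!r}")
    port = int(v["Port"])
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return SmtpExfilConfig(protocol, v["Host"].lower(), port,
                           v["Username"], v["Password"], v["Email To"])


def indicators(cfg: SmtpExfilConfig) -> list[tuple[str, str]]:
    """Indicators to block and hunt for. The credentials are the operator's
    own mailbox login: an indicator to report to the provider, never
    something to authenticate with."""
    return [
        ("domain", cfg.host),
        ("dst_port", str(cfg.port)),
        ("email_account", cfg.username),
        ("email_recipient", cfg.email_to),
    ]


def suricata_dns_rule(cfg: SmtpExfilConfig, sid: int) -> str:
    """DNS-query rule for the exfil host; 'sid' is a placeholder from the local range."""
    return (
        f'alert dns $HOME_NET any -> any any (msg:"AgentTesla exfil host lookup {cfg.host}"; '
        f'dns.query; content:"{cfg.host}"; nocase; endswith; '
        f"classtype:trojan-activity; sid:{sid}; rev:1;)"
    )


if __name__ == "__main__":
    cfg = parse_agenttesla_smtp_config(RAW_CONFIG)
    for kind, value in indicators(cfg):
        print(f"{kind}: {value}")
    print(suricata_dns_rule(cfg, sid=1000001))
```

Because the sender account on the page is redacted, the mailbox itself cannot be recovered from this report; the host and port are the indicators that survive. Treat the recovered password as evidence for an abuse report to the mail provider, not as a credential to try: logging in is unauthorized access and tells the operator the sample has been analysed.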
Targets

Target: 0b9b02462f2da1a90248f678558f6eb3002b1747dd90b1861dc748c8ca9e8b19

AgentTesla
Agent Tesla is a .NET-based remote access trojan (RAT) and information stealer; the config extracted above shows this sample exfiltrating over SMTP (port 587) to the mailbox listed there.

Adds Run key to start application
Writes a value under Software\Microsoft\Windows\CurrentVersion\Run (HKCU or HKLM) so the payload is relaunched at every logon.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext
Rewriting another thread's register context is how process hollowing and similar injection techniques redirect execution into injected code; outside debuggers, benign software rarely does this.
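The behavioural signatures above become useful once turned into detections and correlated per process. The following Python is an added example written for this page (not from the report or from the sandbox vendor): it runs three checks over constructed Sysmon-style events, a Run value (event 13) that points at a user-writable path, a DNS query (event 22) for a public IP-lookup service, and a network connection (event 3) either to the SMTP host from the extracted config or to an SMTP port from a process that is not a mail client, then flags any image that trips at least two of them. The sample events, the IP-lookup host list and the mail-client allowlist are assumptions made for the example; only the exfil host comes from this report. SetThreadContext is deliberately not covered: a context change on another thread is not visible in these logs and needs API-level telemetry from an EDR.

```python
import re
from collections import defaultdict

# Autorun key behind the report's "Adds Run key to start application" signature
# (matches HKCU and HKLM hives, Run and RunOnce).
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
# Directories an unprivileged process can write to; malware autoruns usually point here.
USER_WRITABLE_RE = re.compile(r"\\(AppData|Temp|ProgramData|Users\\Public)\\", re.I)

# Public IP-lookup services stealers commonly query. Assumed list for the example;
# the report only says "a legitimate IP lookup service" without naming it.
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com", "ifconfig.me", "ip-api.com"}

# Exfiltration endpoint taken from this report's extracted config.
EXFIL_HOST = "mail.laboratoriosvilla.com.mx"
SMTP_PORTS = {25, 465, 587}
# Processes allowed to speak SMTP directly (assumed allowlist; tune per environment).
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}

# Constructed Sysmon-style events (not from the sandbox run): one process that
# shows all three behaviours, plus two benign look-alikes that must not fire.
MALICIOUS_IMAGE = r"C:\Users\alice\AppData\Roaming\Update\update.exe"
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": MALICIOUS_IMAGE,
     "TargetObject": r"HKU\S-1-5-21-1-2-3-1001\Software\Microsoft\Windows\CurrentVersion\Run\Update",
     "Details": MALICIOUS_IMAGE},
    {"EventID": 22, "Image": MALICIOUS_IMAGE, "QueryName": "api.ipify.org"},
    {"EventID": 3, "Image": MALICIOUS_IMAGE,
     "DestinationHostname": EXFIL_HOST, "DestinationPort": 587},
    # Outlook talking to the corporate relay on 587: legitimate SMTP.
    {"EventID": 3, "Image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "DestinationHostname": "smtp.example.com", "DestinationPort": 587},
    # Installer registering an HKLM autorun that points into Program Files.
    {"EventID": 13, "Image": r"C:\Users\alice\Downloads\setup.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorUpdater",
     "Details": r"C:\Program Files\Vendor\updater.exe"},
]


def image_name(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def detect_autorun(ev: dict):
    """Run value whose target lives in a directory the user can write to."""
    if ev.get("EventID") != 13 or not RUN_KEY_RE.search(ev.get("TargetObject", "")):
        return None
    if not USER_WRITABLE_RE.search(ev.get("Details", "")):
        return None
    return "run_key_to_user_writable_path"


def detect_ip_lookup(ev: dict):
    """DNS query for a public 'what is my IP' service."""
    if ev.get("EventID") == 22 and ev.get("QueryName", "").lower() in IP_LOOKUP_HOSTS:
        return "external_ip_lookup"
    return None


def detect_smtp_exfil(ev: dict):
    """Connection to the known exfil host, or SMTP from a process that is not a mail client."""
    if ev.get("EventID") != 3:
        return None
    host = ev.get("DestinationHostname", "").lower()
    port = int(ev.get("DestinationPort", 0))
    if host == EXFIL_HOST:
        return "smtp_to_known_exfil_host"
    if port in SMTP_PORTS and image_name(ev.get("Image", "")) not in MAIL_CLIENTS:
        return "smtp_from_non_mail_client"
    return None


DETECTORS = (detect_autorun, detect_ip_lookup, detect_smtp_exfil)


def run_detections(events) -> list[dict]:
    findings = []
    for ev in events:
        for detector in DETECTORS:
            rule = detector(ev)
            if rule:
                findings.append({"rule": rule, "image": ev.get("Image", "")})
    return findings


def correlate(findings, min_rules: int = 2) -> dict[str, list[str]]:
    """Images that triggered at least `min_rules` distinct rules; each rule alone is noisy."""
    by_image = defaultdict(set)
    for f in findings:
        by_image[f["image"]].add(f["rule"])
    return {img: sorted(rules) for img, rules in by_image.items() if len(rules) >= min_rules}


if __name__ == "__main__":
    hits = run_detections(SAMPLE_EVENTS)
    for h in hits:
        print(f"{h['rule']:32} {h['image']}")
    print("correlated:", correlate(hits))
```

Each check on its own produces false positives (installers write Run keys, admins query ipify, scripts send mail), which is why the correlation step requires two independent behaviours from the same image before it reports anything. In production the `Image` key should be replaced by ProcessGuid so renamed copies of the same process are still grouped together.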