General
Target: d4b0d250879757b13113d03ca5ab449771e5f4a31ab082dba16d124498a98e5c
Size: 636KB
Sample: 240426-beqcqsgf82
MD5: b9df3bc72171550875457bca5b4f9042
SHA1: 1517de29c1c62ecb854c9ae82028a439d6f737cd
SHA256: d4b0d250879757b13113d03ca5ab449771e5f4a31ab082dba16d124498a98e5c
SHA512: 85c89a984c3ad8d42dc9b4e66cb0495d24fd2fa7d935e2daa019f1af34ebe0ef2562be5fc06a61ed59a78913bdb5d5acbc9c3dcaf62e5b22699b60eac8a06282
SSDEEP: 12288:6sRelh9xGjhzYIzn4IOpmKsLesMcNr0dniYgd4tllBEjjEMimCi3:6UyU5YIz4IQ6esMcN2nFI6VEjj5iRC
Static task: static1
Behavioral task: behavioral1
Sample: d4b0d250879757b13113d03ca5ab449771e5f4a31ab082dba16d124498a98e5c.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: d4b0d250879757b13113d03ca5ab449771e5f4a31ab082dba16d124498a98e5c.exe
Resource: win10v2004-20240412-en
Malware Config
Extracted
Protocol: smtp
Host: mail.lilydesign.com.tr
Port: 587
Username: [email protected]
Password: 1207HAmza*
Extracted: agenttesla
Protocol: smtp
Host: mail.lilydesign.com.tr
Port: 587
Username: [email protected]
Password: 1207HAmza*
Email To: [email protected]
Targets
Target: d4b0d250879757b13113d03ca5ab449771e5f4a31ab082dba16d124498a98e5c (636KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 10/10
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer. The extracted config above shows this sample exfiltrates harvested data over SMTP to mail.lilydesign.com.tr on port 587 (the submission port) using hard-coded mailbox credentials, so the mail host, port and credentials are directly usable as network and authentication indicators.
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP; the lookup itself is benign traffic, so it is a supporting signal, not an indicator on its own.
Suspicious use of SetThreadContext
SetThreadContext called on a thread of another process is the final step of process hollowing and related injection techniques, which Agent Tesla loaders commonly use to run the payload inside a legitimate process.
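The hashes under General and the extracted SMTP config are the indicators a responder actually acts on. The following script is an added example, not part of the sandbox report or of any sandbox's code: it turns those indicators into a small IOC set, checks whether a file's digests match the reported sample, and scans log lines for the SMTP exfiltration channel. The log line format, the host names WS01..WS03, mail.corp.example and sample.exe, and the MAIL_CLIENTS allow-list are assumptions constructed for the demo.

```python
"""Triage helpers built from the indicators in the Agent Tesla report.

Added example (not from the original report). Only the digests and the
SMTP host/port are taken from the report; everything else is assumed.
"""
import hashlib
import re

# Digests reported for the sample (copied from the General section).
SAMPLE_HASHES = {
    "md5": "b9df3bc72171550875457bca5b4f9042",
    "sha1": "1517de29c1c62ecb854c9ae82028a439d6f737cd",
    "sha256": "d4b0d250879757b13113d03ca5ab449771e5f4a31ab082dba16d124498a98e5c",
    "sha512": "85c89a984c3ad8d42dc9b4e66cb0495d24fd2fa7d935e2daa019f1af34ebe0ef"
              "2562be5fc06a61ed59a78913bdb5d5acbc9c3dcaf62e5b22699b60eac8a06282",
}

# Exfiltration endpoint from the extracted Agent Tesla config.
C2_SMTP = {"host": "mail.lilydesign.com.tr", "port": 587}

# Assumed allow-list: processes that legitimately talk SMTP in this environment.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}


def digests(data: bytes) -> dict:
    """Compute the same four digests the report lists, lowercase hex."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def matches_sample(data: bytes) -> bool:
    """True only if every reported digest matches; one mismatch means
    this is a different file (or a digest was transcribed wrong)."""
    return digests(data) == SAMPLE_HASHES


# Assumed log format: "<ts> host=<h> proc=<exe> dst=<host|ip> dport=<n> proto=<p>"
LOG_LINE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) proc=(?P<proc>\S+) "
    r"dst=(?P<dst>\S+) dport=(?P<dport>\d+) proto=(?P<proto>\S+)$"
)


def scan_log(lines):
    """Return (rule, host, process) hits for connections worth triaging.

    Rule 1 is the exact exfiltration endpoint from the extracted config.
    Rule 2 is a weaker heuristic: SMTP egress (25/465/587) from a process
    that is not a known mail client, which catches the same family after
    its operator rotates the mail server.
    """
    hits = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:                       # malformed lines are skipped, not fatal
            continue
        ev = m.groupdict()
        dport = int(ev["dport"])
        proc = ev["proc"].lower()
        if ev["dst"].lower() == C2_SMTP["host"] and dport == C2_SMTP["port"]:
            hits.append(("agenttesla_smtp_c2", ev["host"], proc))
        elif dport in (25, 465, 587) and proc not in MAIL_CLIENTS:
            hits.append(("unexpected_smtp_egress", ev["host"], proc))
    return hits


# Constructed sample log (not real telemetry).
SAMPLE_LOG = [
    "2024-04-26T10:00:01Z host=WS01 proc=sample.exe dst=mail.lilydesign.com.tr dport=587 proto=tcp",
    "2024-04-26T10:00:02Z host=WS02 proc=outlook.exe dst=mail.corp.example dport=587 proto=tcp",
    "2024-04-26T10:00:03Z host=WS03 proc=svchost.exe dst=203.0.113.5 dport=25 proto=tcp",
    "2024-04-26T10:00:04Z host=WS01 proc=chrome.exe dst=www.example.com dport=443 proto=tcp",
    "garbage line that does not parse",
]

if __name__ == "__main__":
    print("sample match on dummy bytes:", matches_sample(b"not the sample"))
    for rule, host, proc in scan_log(SAMPLE_LOG):
        print(f"{rule}: {proc} on {host}")
```

All four digests must match before a file is accepted as the reported sample; comparing only MD5 would let a crafted collision through, and the SHA512 line is the one least likely to have been truncated when copied from a report. The second scan rule deliberately fires on svchost.exe talking SMTP on port 25 even though that host is not the configured C2, because Agent Tesla operators change mail servers far more often than they change the SMTP exfiltration method.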