General
-
Target
eae62c4f0470d40916f7ba0eace67d1b5e8f1d62a599954a2b273abcecb240fe
-
Size
808KB
-
Sample
240426-bhafpagf61
-
MD5
a75cc815e64123afba58a49301f3885a
-
SHA1
ce31385cfa86ebbbbc99bf105d18726e0fd9d343
-
SHA256
eae62c4f0470d40916f7ba0eace67d1b5e8f1d62a599954a2b273abcecb240fe
-
SHA512
7bb940fe7413a31d77aa3ceae5b56fc08e4c61195acfed3a66c9ee6ce89cdc692e41353de8897e9abfdc5d3010578cc08079f50789a3e7fc1503b056741a3a6a
-
SSDEEP
12288:lOt8I5G8cPtP8sdE0rm1OkKCJLc/Y9ysnqY0FsAZeQzrjKEddyDZhdgc+WMe4:4L8P8sVrKOkrggWFsmz/dwD/dgn
Static task
static1
Behavioral task
behavioral1
Sample
eae62c4f0470d40916f7ba0eace67d1b5e8f1d62a599954a2b273abcecb240fe.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
eae62c4f0470d40916f7ba0eace67d1b5e8f1d62a599954a2b273abcecb240fe.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
cphost09.qhoster.net - Port:
587 - Username:
[email protected] - Password:
[email protected] - Email To:
[email protected]
Extracted
Protocol: smtp- Host:
cphost09.qhoster.net - Port:
587 - Username:
[email protected] - Password:
[email protected]
Targets
-
-
Target
eae62c4f0470d40916f7ba0eace67d1b5e8f1d62a599954a2b273abcecb240fe
-
Size
808KB
-
MD5
a75cc815e64123afba58a49301f3885a
-
SHA1
ce31385cfa86ebbbbc99bf105d18726e0fd9d343
-
SHA256
eae62c4f0470d40916f7ba0eace67d1b5e8f1d62a599954a2b273abcecb240fe
-
SHA512
7bb940fe7413a31d77aa3ceae5b56fc08e4c61195acfed3a66c9ee6ce89cdc692e41353de8897e9abfdc5d3010578cc08079f50789a3e7fc1503b056741a3a6a
-
SSDEEP
12288:lOt8I5G8cPtP8sdE0rm1OkKCJLc/Y9ysnqY0FsAZeQzrjKEddyDZhdgc+WMe4:4L8P8sVrKOkrggWFsmz/dwD/dgn
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-