General
Target: 771c61f1816431acb621234047df7cbd9c1434e919b824c9b565186d1099d876
Size: 1.0MB
Sample: 240426-cgdbmahb96
MD5: 128c4302ce0ac77fbf3036ecfef5b188
SHA1: c695f5001043549499e809e2108c8c737a9295bb
SHA256: 771c61f1816431acb621234047df7cbd9c1434e919b824c9b565186d1099d876
SHA512: 9cfe4d68a661b9e251612ce4ecd18d2686c933a61400c8de41c43096a71b64a5ffaa2378ba759e05d038add0f469d90a98e4bf4e209f430339d69ecad44996bc
SSDEEP: 24576:2AHnh+eWsN3skA4RV1Hom2KXMmHam6O2mMy5:Rh+ZkldoPK8Yam/20
Static task: static1
Behavioral task: behavioral1
  Sample: 771c61f1816431acb621234047df7cbd9c1434e919b824c9b565186d1099d876.exe
  Resource: win7-20240215-en
Behavioral task: behavioral2
  Sample: 771c61f1816431acb621234047df7cbd9c1434e919b824c9b565186d1099d876.exe
  Resource: win10v2004-20240412-en
Malware Config
Extracted
Protocol: smtp
Host: smtp.tecnical-mx.com
Port: 587
Username: azucena.pantoja@tecnical-mx.com
Password: ()WM*^(6
Extracted
Family: agenttesla
Protocol: smtp
Host: smtp.tecnical-mx.com
Port: 587
Username: azucena.pantoja@tecnical-mx.com
Password: ()WM*^(6
Email To: azucena.pantoja@tecnical-mx.com
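The extracted config above is the sample's exfiltration channel: the stealer authenticates to the named SMTP host on port 587 as the listed account and mails its collected data to the listed mailbox. The following is an added example (not part of the sandbox report) of turning those fields into a network-log hunt: it correlates Zeek-style dns.log answers for the C2 host with smtp.log sessions and flags sessions that hit the host/port, the sending account, or the drop mailbox. The log lines are constructed for the example (203.0.113.0/24 is TEST-NET-3, not a real resolution of the C2 host), the column layouts are a reduced tab-separated subset chosen here, and the subject-prefix check is a weak heuristic taken from commonly reported Agent Tesla behaviour, not from this report.

```python
"""Hunt for Agent Tesla SMTP exfiltration using the report's extracted config.

Added example, not part of the sandbox report. Assumes reduced, tab-separated
Zeek-style log columns (documented at each parser). All log lines below are
constructed for this example.
"""
from collections import defaultdict
from dataclasses import dataclass

# Indicators copied from the report's "Malware Config" section.
AGENTTESLA_SMTP_CONFIG = {
    "host": "smtp.tecnical-mx.com",
    "port": 587,
    "username": "azucena.pantoja@tecnical-mx.com",
    "email_to": "azucena.pantoja@tecnical-mx.com",
}

# Subject prefixes commonly reported for Agent Tesla mails (PW = passwords,
# KL = keylog, SC = screenshot, CO = cookies). Assumption/heuristic, not from
# this report, so a match on its own is treated as weak.
SUBJECT_PREFIXES = ("PW_", "KL_", "SC_", "CO_")

# Constructed dns.log subset: ts \t query \t answers (comma-separated)
DNS_LOG = """\
1714100000.100\tsmtp.tecnical-mx.com\t203.0.113.25
1714100001.200\tmail.example-corp.internal\t10.0.0.25
"""

# Constructed smtp.log subset:
# ts \t id.orig_h \t id.resp_h \t id.resp_p \t mailfrom \t rcptto \t subject
SMTP_LOG = """\
1714100002.000\t10.0.0.57\t203.0.113.25\t587\tazucena.pantoja@tecnical-mx.com\tazucena.pantoja@tecnical-mx.com\tPW_user/DESKTOP-1
1714100003.000\t10.0.0.58\t10.0.0.25\t25\talice@example-corp.internal\tbob@example-corp.internal\tQ2 report
1714100004.000\t10.0.0.59\t203.0.113.25\t587\tunknown@tecnical-mx.com\tazucena.pantoja@tecnical-mx.com\tKL_user/DESKTOP-2
1714100005.000\t10.0.0.60\t198.51.100.7\t587\tuser@example.net\tfriend@example.net\tPW_reset link
"""

# Reasons that on their own justify an alert (direct match on the extracted config).
STRONG_REASONS = {"c2_host_port", "mailfrom_is_c2_account", "rcptto_is_exfil_mailbox"}


@dataclass(frozen=True)
class SmtpRecord:
    ts: float
    orig_h: str
    resp_h: str
    resp_p: int
    mailfrom: str
    rcptto: str
    subject: str


def parse_dns_log(text):
    """Return {queried_hostname: set(answer_ips)} from the reduced dns.log lines."""
    answers = defaultdict(set)
    for line in text.splitlines():
        if not line.strip():
            continue
        _ts, query, ans = line.split("\t")
        answers[query.lower()].update(a for a in ans.split(",") if a)
    return answers


def parse_smtp_log(text):
    """Parse the reduced smtp.log lines; addresses are lower-cased for comparison."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, orig_h, resp_h, resp_p, mailfrom, rcptto, subject = line.split("\t")
        records.append(SmtpRecord(float(ts), orig_h, resp_h, int(resp_p),
                                  mailfrom.lower(), rcptto.lower(), subject))
    return records


def match_reasons(rec, config, dns_answers):
    """List which indicators from `config` the SMTP session satisfies."""
    reasons = []
    # Zeek logs the server IP, not its name, so map the C2 host through dns.log answers.
    c2_ips = dns_answers.get(config["host"].lower(), set())
    if rec.resp_h in c2_ips and rec.resp_p == config["port"]:
        reasons.append("c2_host_port")
    if rec.mailfrom == config["username"].lower():
        reasons.append("mailfrom_is_c2_account")
    if rec.rcptto == config["email_to"].lower():
        reasons.append("rcptto_is_exfil_mailbox")
    if rec.subject.startswith(SUBJECT_PREFIXES):
        reasons.append("agenttesla_subject_prefix")
    return reasons


def find_exfil(smtp_text, dns_text, config=AGENTTESLA_SMTP_CONFIG):
    """Return [(record, reasons, strong)] for every session with at least one hit."""
    dns_answers = parse_dns_log(dns_text)
    hits = []
    for rec in parse_smtp_log(smtp_text):
        reasons = match_reasons(rec, config, dns_answers)
        if reasons:
            hits.append((rec, reasons, bool(STRONG_REASONS & set(reasons))))
    return hits


if __name__ == "__main__":
    for rec, reasons, strong in find_exfil(SMTP_LOG, DNS_LOG):
        level = "STRONG" if strong else "weak"
        print(f"{level}: {rec.orig_h} -> {rec.resp_h}:{rec.resp_p} {rec.subject!r} {reasons}")
```

On the constructed data the two sessions to the resolved C2 address on port 587 are reported as strong hits (the second even though its MAIL FROM differs, because the recipient is the drop mailbox), the internal relay traffic produces nothing, and the session whose only match is a "PW_" subject is reported as weak. A hunt should pivot on the strong reasons first; in a real deployment the account credential in the config would also go straight to the mail provider's abuse contact, since the mailbox is receiving stolen data.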
Targets
Target: 771c61f1816431acb621234047df7cbd9c1434e919b824c9b565186d1099d876
Size: 1.0MB
MD5: 128c4302ce0ac77fbf3036ecfef5b188
SHA1: c695f5001043549499e809e2108c8c737a9295bb
SHA256: 771c61f1816431acb621234047df7cbd9c1434e919b824c9b565186d1099d876
SHA512: 9cfe4d68a661b9e251612ce4ecd18d2686c933a61400c8de41c43096a71b64a5ffaa2378ba759e05d038add0f469d90a98e4bf4e209f430339d69ecad44996bc
SSDEEP: 24576:2AHnh+eWsN3skA4RV1Hom2KXMmHam6O2mMy5:Rh+ZkldoPK8Yam/20
Score: 10/10
AgentTesla
Agent Tesla is a .NET-based information stealer and remote access tool (RAT); builds are commonly written in VB.NET or C#. It harvests credentials, keystrokes and screenshots and exfiltrates them over SMTP, FTP or HTTP, which is why the extracted config above consists of mail-server credentials.
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP, so the request alone is not malicious; it is the combination with the other signatures that matters.
Suspicious use of SetThreadContext
Setting another thread's context is a common step in process hollowing and similar code injection, where a payload is written into a suspended process and its thread's entry point is redirected into that payload.