General
Target: 53ab6484b54697d84f137ab23d0024d82a4295a624a57240ca6c0b5e5af7419f
Size: 710KB
Sample: 240426-cmtksshb9y
MD5: cf0776855417e003ef785432ecfbad01
SHA1: 18f76ab26f69adf2ac6d3f66f79a094a5cf27f98
SHA256: 53ab6484b54697d84f137ab23d0024d82a4295a624a57240ca6c0b5e5af7419f
SHA512: a5fb0cf51c9a5fed37521c4d9dfab88149440ad992efe32518615586f948d037df1da5b5c3b1ba1e1500eb8c822f707f248a3772a850ee5fa1187b2e04f180e1
SSDEEP: 12288:QWYIPXjxannnHg2XiT4fBw6yCwYgpsMybhQxFuZ0Dk+zNCraCRWy1awzM9Rp9Gq:QWYIPFannnHg284fBwewYdQxAZ0Dk+zR
Static task: static1
Behavioral task: behavioral1
  Sample: 53ab6484b54697d84f137ab23d0024d82a4295a624a57240ca6c0b5e5af7419f.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 53ab6484b54697d84f137ab23d0024d82a4295a624a57240ca6c0b5e5af7419f.exe
  Resource: win10v2004-20240412-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.al-subai.com
Port: 587
Username: info@al-subai.com
Password: information12
Email To: greensavag@yandex.com
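As an added example (not part of this report and not Triage's own tooling), the Python below parses the extracted config block, in the flattened "label: value - label: value" layout the report page uses, into a typed record, derives block-list indicators from it, and emits two Suricata rules. The input string is a copy of the config above; the SID values are placeholders and the rule text is my own, not something the sandbox produced.

```python
"""Turn the AgentTesla SMTP config extracted by the sandbox into IOCs and
Suricata rules. Added example; not part of the sandbox report or of Triage."""
import re
from dataclasses import dataclass

# Constructed input: the config block as the report page renders it, with the
# sandbox's "label: value - label: value" layout broken across lines.
RAW_CONFIG = """agenttesla
Protocol: smtp- Host:
mail.al-subai.com - Port:
587 - Username:
info@al-subai.com - Password:
information12 - Email To:
greensavag@yandex.com"""

LABELS = ("Protocol", "Host", "Port", "Username", "Password", "Email To")
_ALT = "|".join(re.escape(label) for label in LABELS)
# A value is everything after "Label:" up to the next label (or end of text),
# with the " - " separator trimmed. A password that itself contains " - "
# would be cut short; the sandbox layout is ambiguous there, which is why
# parse_config() insists that every label appears exactly once.
FIELD_RE = re.compile(rf"({_ALT}):\s*(.*?)\s*-?\s*(?=(?:{_ALT}):|$)")


@dataclass(frozen=True)
class SmtpConfig:
    family: str
    protocol: str
    host: str
    port: int
    username: str
    password: str
    email_to: str


def parse_config(raw: str) -> SmtpConfig:
    """Parse the flattened sandbox config block into a typed record."""
    lines = [ln.strip() for ln in raw.strip().splitlines() if ln.strip()]
    family, body = lines[0], " ".join(lines[1:])
    fields = {}
    for label, value in FIELD_RE.findall(body):
        if label in fields:
            raise ValueError(f"duplicate field {label!r}")
        fields[label] = value
    missing = [label for label in LABELS if label not in fields]
    if missing:
        raise ValueError(f"missing fields: {missing}")
    if not fields["Port"].isdigit():
        raise ValueError(f"non-numeric port {fields['Port']!r}")
    return SmtpConfig(
        family=family,
        protocol=fields["Protocol"].lower(),
        host=fields["Host"],
        port=int(fields["Port"]),
        username=fields["Username"],
        password=fields["Password"],
        email_to=fields["Email To"],
    )


def iocs(cfg: SmtpConfig) -> dict:
    """Indicators worth blocking or hunting on. The password is deliberately
    left out: it is the credential of the attacker-controlled sending mailbox
    and belongs in evidence handling, not in a shared indicator feed."""
    return {
        "exfil_host": cfg.host,
        "exfil_port": cfg.port,
        "sender_account": cfg.username,
        "recipient": cfg.email_to,
    }


def suricata_rules(cfg: SmtpConfig, base_sid: int = 9000001) -> list[str]:
    """Two rules: the DNS lookup of the exfil host (visible even when the SMTP
    session is upgraded with STARTTLS) and the RCPT TO envelope line (visible
    only if the client sends it in the clear). base_sid is a placeholder;
    allocate real SIDs from your own range."""
    tag = f"{cfg.family.upper()} SMTP exfil"
    dns_rule = (
        f'alert dns $HOME_NET any -> any any (msg:"{tag} - DNS query for {cfg.host}"; '
        f'dns.query; content:"{cfg.host}"; nocase; sid:{base_sid}; rev:1;)'
    )
    rcpt_rule = (
        f'alert tcp $HOME_NET any -> any {cfg.port} (msg:"{tag} - RCPT TO {cfg.email_to}"; '
        f'flow:established,to_server; content:"RCPT TO|3a|"; nocase; '
        f'content:"{cfg.email_to}"; nocase; distance:0; sid:{base_sid + 1}; rev:1;)'
    )
    return [dns_rule, rcpt_rule]


if __name__ == "__main__":
    cfg = parse_config(RAW_CONFIG)
    print(iocs(cfg))
    for rule in suricata_rules(cfg):
        print(rule)
```

Two practical caveats. The sending account (info@al-subai.com) is a mailbox the attacker controls or has compromised, so the credential is evidence to preserve, not a login to try; the indicators to act on are the host, the port, and the Yandex recipient. And because 587 is the submission port, the client may issue STARTTLS before the envelope, in which case only the DNS rule fires; treat the RCPT TO rule as a bonus, not the primary detection.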
Targets
Target: 53ab6484b54697d84f137ab23d0024d82a4295a624a57240ca6c0b5e5af7419f
Size: 710KB
MD5: cf0776855417e003ef785432ecfbad01
SHA1: 18f76ab26f69adf2ac6d3f66f79a094a5cf27f98
SHA256: 53ab6484b54697d84f137ab23d0024d82a4295a624a57240ca6c0b5e5af7419f
SHA512: a5fb0cf51c9a5fed37521c4d9dfab88149440ad992efe32518615586f948d037df1da5b5c3b1ba1e1500eb8c822f707f248a3772a850ee5fa1187b2e04f180e1
SSDEEP: 12288:QWYIPXjxannnHg2XiT4fBw6yCwYgpsMybhQxFuZ0Dk+zNCraCRWy1awzM9Rp9Gq:QWYIPFannnHg284fBwewYdQxAZ0Dk+zR
Score: 10/10
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer; the config extracted from this sample exfiltrates over SMTP.
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext
SetThreadContext rewrites a thread's register state; outside a debugger it is most often used by a loader to point a suspended process or thread at injected code, so check the behavioral trace for which process the call targeted and what was written to it beforehand.