General
- Target: 73e443419c142c80da43bda0677d324d8dd516bfe777d4a2be81202514b799bf
- Size: 236KB
- Sample: 240426-cnat3shc34
- MD5: 394f315ef6598217492f9fe53d47ee0f
- SHA1: 4f15c6dd67f55c7fa96e7829b53441157a72402d
- SHA256: 73e443419c142c80da43bda0677d324d8dd516bfe777d4a2be81202514b799bf
- SHA512: c49ac9ea07958dbf4531b57ed4c014a2ff943e50dae704619943adf6e8d53d04a4111033b6210cdd3cb11281072f38653184a75a01f69b42aa014b41d38c16bd
- SSDEEP: 3072:krABP1RVJljBXrCbIMjJS5JgNIxnixY5WR5IUCZklB8f:krSP1RVJljBXrCbIMqKNI8Y5WMbZM
Behavioral task: behavioral1
- Sample: 73e443419c142c80da43bda0677d324d8dd516bfe777d4a2be81202514b799bf.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 73e443419c142c80da43bda0677d324d8dd516bfe777d4a2be81202514b799bf.exe
- Resource: win10v2004-20240412-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.royalgroup.vn
- Port: 587
- Username: ngald@royalgroup.vn
- Password: Royal@12345
- Email To: s73286937@gmail.com
Extracted
- Protocol: smtp
- Host: mail.royalgroup.vn
- Port: 587
- Username: ngald@royalgroup.vn
- Password: Royal@12345
Targets
- Target: 73e443419c142c80da43bda0677d324d8dd516bfe777d4a2be81202514b799bf
- Size: 236KB
- MD5: 394f315ef6598217492f9fe53d47ee0f
- SHA1: 4f15c6dd67f55c7fa96e7829b53441157a72402d
- SHA256: 73e443419c142c80da43bda0677d324d8dd516bfe777d4a2be81202514b799bf
- SHA512: c49ac9ea07958dbf4531b57ed4c014a2ff943e50dae704619943adf6e8d53d04a4111033b6210cdd3cb11281072f38653184a75a01f69b42aa014b41d38c16bd
- SSDEEP: 3072:krABP1RVJljBXrCbIMjJS5JgNIxnixY5WR5IUCZklB8f:krSP1RVJljBXrCbIMqKNI8Y5WMbZM
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.