General
- Target: 822452a747918a4f6e5a091e7da1c29c8eb4e85c7edcbd9ce00ddd7b99cedf94
- Size: 1.3MB
- Sample: 240426-cte1zshc4x
- MD5: cab69ca1a4b8594ff643946ab31e0710
- SHA1: fc5c56aba56e7609c51a6d2e2b9c7228d40020dc
- SHA256: 822452a747918a4f6e5a091e7da1c29c8eb4e85c7edcbd9ce00ddd7b99cedf94
- SHA512: 941873d247b40a6cbe23ecdcd07f5bf6a418870b1ae20955e009dca5ee583bdd1cd8ce1a54aa70790b36a89634139c714fa468aabdce4f9fabcb9ec5872ed3c8
- SSDEEP: 24576:4sP3qbmWgzTHtrn4d2xFtVcp4AxrHWHC4qv7suobUmqLDO3VLhvh7ideX/wn:42THJDxzUxTWLq4uKX3VLn7iEX/K
Static task
- static1

Behavioral task
- behavioral1
  - Sample: 822452a747918a4f6e5a091e7da1c29c8eb4e85c7edcbd9ce00ddd7b99cedf94.exe
  - Resource: win7-20240221-en

Behavioral task
- behavioral2
  - Sample: 822452a747918a4f6e5a091e7da1c29c8eb4e85c7edcbd9ce00ddd7b99cedf94.exe
  - Resource: win10v2004-20240412-en
Malware Config
Extracted
agenttesla
- Protocol: smtp
- Host: mail.bestconstructltd.com
- Port: 587
- Username: chris@bestconstructltd.com
- Password: Cm54227290
- Email To: winnie.lovetex@outlook.com
Targets
- Target: 822452a747918a4f6e5a091e7da1c29c8eb4e85c7edcbd9ce00ddd7b99cedf94
- Size: 1.3MB
- MD5: cab69ca1a4b8594ff643946ab31e0710
- SHA1: fc5c56aba56e7609c51a6d2e2b9c7228d40020dc
- SHA256: 822452a747918a4f6e5a091e7da1c29c8eb4e85c7edcbd9ce00ddd7b99cedf94
- SHA512: 941873d247b40a6cbe23ecdcd07f5bf6a418870b1ae20955e009dca5ee583bdd1cd8ce1a54aa70790b36a89634139c714fa468aabdce4f9fabcb9ec5872ed3c8
- SSDEEP: 24576:4sP3qbmWgzTHtrn4d2xFtVcp4AxrHWHC4qv7suobUmqLDO3VLhvh7ideX/wn:42THJDxzUxTWLq4uKX3VLn7iEX/K
Score: 10/10

Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Executes dropped EXE
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext