General
- Target: e2ca6ad588e79f7c6a0b73e3516deddb9ccfd228db8dbba75dd6c9aefa7f0111
- Size: 339KB
- Sample: 240426-cyal3ahc61
- MD5: 977775c6d7c7ac7366b0b6694dd792c4
- SHA1: 2fbe1c635ee74e13e1d0d17bb4ec6880270cc620
- SHA256: e2ca6ad588e79f7c6a0b73e3516deddb9ccfd228db8dbba75dd6c9aefa7f0111
- SHA512: 26260a51647f2cc5cf25a716fd100797e988fa29298d219555be2fb39eea446fc6631306ef9ca0f61f37522f42229a18298b9e7146495cb1320809853aa7d3a2
- SSDEEP: 6144:mH9+o/GkHyPG9f9GuMvlTEKDhdOMvqak4j7kULERkcBgQ5z9:+9+o/9MG9f9GuMv2KDhdOMfn7HSL
Static task: static1
Behavioral task: behavioral1
- Sample: e2ca6ad588e79f7c6a0b73e3516deddb9ccfd228db8dbba75dd6c9aefa7f0111.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: e2ca6ad588e79f7c6a0b73e3516deddb9ccfd228db8dbba75dd6c9aefa7f0111.exe
- Resource: win10v2004-20240412-en
Malware Config
Extracted
- Protocol: smtp
- Host: mail.bnfm.com
- Port: 587
- Username: info@bnfm.com
- Password: UpPencilViewFast398
Extracted (agenttesla)
- Protocol: smtp
- Host: mail.bnfm.com
- Port: 587
- Username: info@bnfm.com
- Password: UpPencilViewFast398
- Email To: 0440ccc@gmail.com
Targets
- Target: e2ca6ad588e79f7c6a0b73e3516deddb9ccfd228db8dbba75dd6c9aefa7f0111 (339KB; MD5, SHA1, SHA256, SHA512 and SSDEEP are identical to those listed under General above)
Score: 10/10
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext