General
Target: a69e1be4f2f9df7f50ccc8ae73268f40dd1c5fe9e19ce1752234a67c8e33b72a
Size: 1.0MB
Sample: 240426-cyzaeshc7w
MD5: bb8786bd15e022b777d62bd33c69f521
SHA1: dfbb19fd5270ed20207ffa039c12d7c9b56e0a35
SHA256: a69e1be4f2f9df7f50ccc8ae73268f40dd1c5fe9e19ce1752234a67c8e33b72a
SHA512: 8f404e52464f599c77a584f5165b0702fab3714f22a0e76ab64bdc33a3f0a59024ac43840f777273601b8513dba943e17876d34779b21c051b9d8740b1f89793
SSDEEP: 24576:pAHnh+eWsN3skA4RV1Hom2KXMmHac23axin+Bj5:wh+ZkldoPK8Yac29n+b
Static task: static1
Behavioral task: behavioral1
  Sample: a69e1be4f2f9df7f50ccc8ae73268f40dd1c5fe9e19ce1752234a67c8e33b72a.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: a69e1be4f2f9df7f50ccc8ae73268f40dd1c5fe9e19ce1752234a67c8e33b72a.exe
  Resource: win10v2004-20240412-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.udpl.top
Port: 587
Username: server15@udpl.top
Password: bCj8=*W5G!*n
Email To: server4@udpl.top
Targets
Target: a69e1be4f2f9df7f50ccc8ae73268f40dd1c5fe9e19ce1752234a67c8e33b72a
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext