General
Target: 82894d42535ea7af3723a597325635dcf781b99f50b430b414df09bd5a7d572f
Size: 1.0MB
Sample: 240427-bpzn6agh2x
MD5: 8ee40780b29d6379d10b7bc349fcb2c6
SHA1: f02e226310fbd4bb113f0ccbe6b953a1e8ad0f88
SHA256: 82894d42535ea7af3723a597325635dcf781b99f50b430b414df09bd5a7d572f
SHA512: 6cf9e106d32e0ba462e8bc748464976683475ef9784a83ca660840b5beed44ae8877fd55d88e04e6d1916133a0c02fe919aa4f68e0520f0d3c7e205c8c0bc7a3
SSDEEP: 24576:kAHnh+eWsN3skA4RV1Hom2KXMmHaDXQVhLrImZFS5:zh+ZkldoPK8YaDGJrImQ
Static task: static1
Behavioral task: behavioral1
Sample: 82894d42535ea7af3723a597325635dcf781b99f50b430b414df09bd5a7d572f.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 82894d42535ea7af3723a597325635dcf781b99f50b430b414df09bd5a7d572f.exe
Resource: win10v2004-20240426-en
Malware Config
Extracted
agenttesla
Protocol: smtp - Host: mail.marinasands.gr - Port: 587 - Username: [email protected] - Password: ;lHJ#%M!iBh- - Email To: [email protected]
Targets
Score: 10/10

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext