General
-
Target
f9a65861c138e4f29a25a134cc250c8bdd49757e6dc9ffec6deb557ab0839fe4
-
Size
797KB
-
Sample
240427-bvzaksgb53
-
MD5
a3190726bb65bfb1b862c9b5cfba9622
-
SHA1
3058a8872a4bdab11e86753eb6c1bf707ed82041
-
SHA256
f9a65861c138e4f29a25a134cc250c8bdd49757e6dc9ffec6deb557ab0839fe4
-
SHA512
05cd7b9b5944e0b009c2ae6e15596d27f2b43a5d9757ef66b85e53a18818a0c8bb4c0ee4681a3f503c2e06a76aaef059ca2924f226ac42dfce48faaff14e12a2
-
SSDEEP
24576:K65eIvUXOPYcLdcdjE+SAHKOCs6/hkp6uH+n:teGUXOPYcLdc55cbLFuen
Static task
static1
Behavioral task
behavioral1
Sample
f9a65861c138e4f29a25a134cc250c8bdd49757e6dc9ffec6deb557ab0839fe4.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
f9a65861c138e4f29a25a134cc250c8bdd49757e6dc9ffec6deb557ab0839fe4.exe
Resource
win10v2004-20240419-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
terminal4.veeblehosting.com - Port:
587 - Username:
1yam@kailmaticarbon.com - Password:
Ifeanyi1987@ - Email To:
1yam@labelconvarters.com
Targets
-
-
Target
f9a65861c138e4f29a25a134cc250c8bdd49757e6dc9ffec6deb557ab0839fe4
-
Size
797KB
-
MD5
a3190726bb65bfb1b862c9b5cfba9622
-
SHA1
3058a8872a4bdab11e86753eb6c1bf707ed82041
-
SHA256
f9a65861c138e4f29a25a134cc250c8bdd49757e6dc9ffec6deb557ab0839fe4
-
SHA512
05cd7b9b5944e0b009c2ae6e15596d27f2b43a5d9757ef66b85e53a18818a0c8bb4c0ee4681a3f503c2e06a76aaef059ca2924f226ac42dfce48faaff14e12a2
-
SSDEEP
24576:K65eIvUXOPYcLdcdjE+SAHKOCs6/hkp6uH+n:teGUXOPYcLdc55cbLFuen
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-