General
- Target: 5f770c2fe611558cf843b34c589c8ddee85ca1405c1a3d3d7d9150cda9be516e
- Size: 694KB
- Sample: 240430-b2v7hahb4s
- MD5: 363bce5ce1295d883ffa9b10b4a79e99
- SHA1: e2f17ff88645c4a4da1369ea4fc51a97fc3dca41
- SHA256: 5f770c2fe611558cf843b34c589c8ddee85ca1405c1a3d3d7d9150cda9be516e
- SHA512: 775d5cde6a580ac840c913ba92bf134b33854d3df431996ebb0bfd962940a2484e87ec81a709262950f0018b91754be3c062ec7dce10beda85ffce3dee473569
- SSDEEP: 12288:O+DbgAB778QeIcPfePgdBNw2HrTDiLdX4hBjwpjnGqu86kOX88w30VmgdA5C:3gABk2QB1LTmd4Wpjnz7OX8pge
Static task: static1
Behavioral task: behavioral1
- Sample: 5f770c2fe611558cf843b34c589c8ddee85ca1405c1a3d3d7d9150cda9be516e.exe
- Resource: win7-20231129-en
Behavioral task: behavioral2
- Sample: 5f770c2fe611558cf843b34c589c8ddee85ca1405c1a3d3d7d9150cda9be516e.exe
- Resource: win10v2004-20240226-en
Malware Config
Extracted
agenttesla
- Protocol: smtp
- Host: mail.impressionmotors.in
- Port: 587
- Username: [email protected]
- Password: Kt!@98320Slg
- Email To: [email protected]
Extracted
- Protocol: smtp
- Host: mail.impressionmotors.in
- Port: 587
- Username: [email protected]
- Password: Kt!@98320Slg
Targets
- Target: 5f770c2fe611558cf843b34c589c8ddee85ca1405c1a3d3d7d9150cda9be516e
- Size: 694KB
- MD5: 363bce5ce1295d883ffa9b10b4a79e99
- SHA1: e2f17ff88645c4a4da1369ea4fc51a97fc3dca41
- SHA256: 5f770c2fe611558cf843b34c589c8ddee85ca1405c1a3d3d7d9150cda9be516e
- SHA512: 775d5cde6a580ac840c913ba92bf134b33854d3df431996ebb0bfd962940a2484e87ec81a709262950f0018b91754be3c062ec7dce10beda85ffce3dee473569
- SSDEEP: 12288:O+DbgAB778QeIcPfePgdBNw2HrTDiLdX4hBjwpjnGqu86kOX88w30VmgdA5C:3gABk2QB1LTmd4Wpjnz7OX8pge
Score: 10/10
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext