General
Target: e7ec9ddf45b438dec5a6db2d4fcbbb585600abdf0e9945b2e118f94374329449
Size: 3.4MB
Sample: 240430-b9ws1ahd9y
MD5: 22ceae4219635ffad77dcb163bcdf7e0
SHA1: e85e5faa3e505960dacde9e6c712717e4aff9184
SHA256: e7ec9ddf45b438dec5a6db2d4fcbbb585600abdf0e9945b2e118f94374329449
SHA512: 2e8dc31c4faa6878d7a727ce34f8f98f5871bafb39de000b006642184bf01d92d3efd519b156e0a034fcc293c8e779fd1ccb5d157b9ee3b18703ec5d61ebd443
SSDEEP: 49152:np98Mq2HVhRXx651vXk3lwVtdKoeP66t9EvmiMtYcQYynJfo4B2x2/onznwe3Fx:nR1hPt3W4MyEgQnJf0znwe3n
Static task: static1
Behavioral task: behavioral1
  Sample: e7ec9ddf45b438dec5a6db2d4fcbbb585600abdf0e9945b2e118f94374329449.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: e7ec9ddf45b438dec5a6db2d4fcbbb585600abdf0e9945b2e118f94374329449.exe
  Resource: win10v2004-20240419-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: terminal4.veeblehosting.com
Port: 587
Username: [email protected]
Password: Ifeanyi1987@
Email To: [email protected]
Targets
Target: e7ec9ddf45b438dec5a6db2d4fcbbb585600abdf0e9945b2e118f94374329449
Score: 10/10
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext