General
Target: efaee864a72d63e16f51109ad25d5fb62e30537ae7b874a12e085b6e118c5b45
Size: 3.4MB
Sample: 240430-bnzmrsga79
MD5: aa327362489d44e657683cc122652642
SHA1: d44d61a3523adad20ea4b041e601cc143c449a21
SHA256: efaee864a72d63e16f51109ad25d5fb62e30537ae7b874a12e085b6e118c5b45
SHA512: d650309a0db98ccd7a9de70c649a5cf1629b414d8eb04816d859e41f48060f95ea8e0171544f0da72bc39f2518a61439d0af83f410a79ef1dea19bb5382b732e
SSDEEP: 49152:kp98Mq2HVhX6OT1RbNE7nj49RDDJftCdQYNvA6X72/jto2vo0A6EJ:kR1hdaGRD+dQYJAXO2vo0A68
Static task: static1
Behavioral task: behavioral1
  Sample: efaee864a72d63e16f51109ad25d5fb62e30537ae7b874a12e085b6e118c5b45.exe
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: efaee864a72d63e16f51109ad25d5fb62e30537ae7b874a12e085b6e118c5b45.exe
  Resource: win10v2004-20240419-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.italiacanda-it.com
Port: 587
Username: [email protected]
Password: dsrociz1
Email To: [email protected]
Targets
Target: efaee864a72d63e16f51109ad25d5fb62e30537ae7b874a12e085b6e118c5b45
Score: 10/10
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext