General
Target: MT_078410_00_032.exe
Size: 2.4MB
Sample: 240515-nh9l1afc34
MD5: 765a94a7bedd69fb57e562b5c6537db9
SHA1: bd62eccc3009b043512aa2e6a1297875c613760e
SHA256: e623db7ce7f2a3ddd3e5b4571f75a4b20b4fd69d8680d19a4e6506730ee2c81d
SHA512: ea2fb18aeebd2038d9db10d75023ed747802ccd2bf20163cce4a89be26113f08a019c9e19088747bc182ca4317390bb2b50ff01cb6fd52361ff2c16219673f91
SSDEEP: 49152:rd1ccJyl0yJDpXoYir/atre3KGthcMrXcdLobjrXGGS:rJO0G54+K3KGthVrEL3GS
Static task: static1
Behavioral task: behavioral1
Sample: MT_078410_00_032.exe
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: MT_078410_00_032.exe
Resource: win10v2004-20240508-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: 66.29.151.236
Port: 587
Username: [email protected]
Password: d9GOyTceXsMT
Email To: [email protected]
Extracted
Protocol: smtp
Host: 66.29.151.236
Port: 587
Username: [email protected]
Password: d9GOyTceXsMT
Targets
Target: MT_078410_00_032.exe
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Detect ZGRat V1
Adds Run key to start application
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext