General
Target: cb6670f4f7b6a07c25f521019626dbd56cd7a2d4ffbb754769a3dc0e4fe713ec.exe
Size: 66KB
Sample: 240518-h1c3vshb4w
MD5: 6b922539f1cbc89ca73ac0d9bc5df9a0
SHA1: b93e8aec68e05730de4b9b2abe14190f7e8f3e58
SHA256: cb6670f4f7b6a07c25f521019626dbd56cd7a2d4ffbb754769a3dc0e4fe713ec
SHA512: 460c2d4e9a6f7c39d94c88530928436492852497f58ef95daec9a2d00d7e1921a805294044a0cfbd9ed37ef0df3a46a2b413c83eb6234fbf6f1acdeb49775014
SSDEEP: 1536:V04E/c6ODf/L/EYonabLDnXW+6RFJT9Z8BJQ2rs3hGH:2/7/FJBZMJQ2rpH
Static task: static1
Behavioral task: behavioral1
Sample: cb6670f4f7b6a07c25f521019626dbd56cd7a2d4ffbb754769a3dc0e4fe713ec.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: cb6670f4f7b6a07c25f521019626dbd56cd7a2d4ffbb754769a3dc0e4fe713ec.exe
Resource: win10v2004-20240508-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: 66.29.151.236
Port: 587
Username: [email protected]
Password: AvydGQ8TIDH9
Email To: [email protected]
The username and recipient addresses appear on this page only as the obfuscation placeholder [email protected]; the real addresses are not recoverable here, so do not treat that string as an indicator.
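The extracted SMTP configuration above is the most actionable part of the report: a defender wants it as structured data and then wants to know which internal hosts have talked to that endpoint. The following is an added example written for this page, not tooling from the sandbox. It parses the config in the flattened form the page renders it (copied verbatim, including the [email protected] placeholders) and scans a constructed Zeek-style conn.log excerpt; the 10.0.0.0/8 addresses, timestamps and the 142.250.74.46 and 10.0.0.5 peers in that excerpt are made up.

```python
"""Parse the flattened Agent Tesla SMTP config from the report and use it
to scan connection logs. Added example for this page, not sandbox code."""
import re

# The extracted config exactly as the report renders it. The
# "[email protected]" placeholders are what the page shows; the real
# addresses are not on the page.
RAW_CONFIG = """\
Protocol: smtp- Host:
66.29.151.236 - Port:
587 - Username:
[email protected] - Password:
AvydGQ8TIDH9 - Email To:
[email protected]"""

KEYS = ("Protocol", "Host", "Port", "Username", "Password", "Email To")
_KEY_ALT = "|".join(re.escape(k) for k in KEYS)
# A value runs until an optional " - " separator followed by the next
# "Key:" label, or until the end of the text.
_FIELD_RE = re.compile(
    rf"(?P<key>{_KEY_ALT}):\s*(?P<val>.*?)\s*-?\s*(?=(?:{_KEY_ALT}):|\Z)"
)


def parse_config(raw: str) -> dict:
    """Return {'protocol': 'smtp', 'host': '66.29.151.236', 'port': 587, ...}."""
    flat = " ".join(line.strip() for line in raw.splitlines())
    cfg = {}
    for m in _FIELD_RE.finditer(flat):
        key = m.group("key").lower().replace(" ", "_")
        cfg[key] = m.group("val")
    cfg["port"] = int(cfg["port"])
    return cfg


# Constructed Zeek-style conn.log excerpt (tab separated), assumed columns:
# ts, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto
CONN_LOG = """\
1716000001.10\t10.0.0.15\t49812\t66.29.151.236\t587\ttcp
1716000002.30\t10.0.0.15\t49813\t142.250.74.46\t443\ttcp
1716000003.70\t10.0.0.22\t51002\t66.29.151.236\t587\ttcp
1716000004.00\t10.0.0.22\t51003\t66.29.151.236\t80\ttcp
1716000005.50\t10.0.0.31\t51100\t10.0.0.5\t587\ttcp
"""


def scan_conn_log(log_text: str, cfg: dict) -> list:
    """Flag connections to the configured exfil host.

    host+port together are the SMTP exfil channel itself. Other ports to the
    same host are still worth a look, but the host may be a shared mail
    server, so they are reported separately rather than as exfil.
    """
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, _sport, dst, dport, proto = line.split("\t")
        if dst != cfg["host"]:
            continue
        exact = proto == "tcp" and int(dport) == cfg["port"]
        hits.append({"ts": ts, "src": src, "dst_port": int(dport),
                     "match": "smtp-exfil" if exact else "c2-host-only"})
    return hits


def exfil_sources(log_text: str, cfg: dict) -> set:
    """Distinct internal hosts that reached the configured SMTP endpoint."""
    return {h["src"] for h in scan_conn_log(log_text, cfg)
            if h["match"] == "smtp-exfil"}


if __name__ == "__main__":
    cfg = parse_config(RAW_CONFIG)
    print(cfg)
    for hit in scan_conn_log(CONN_LOG, cfg):
        print(hit)
    print("exfil sources:", sorted(exfil_sources(CONN_LOG, cfg)))
```

The credentials identify the actor's drop mailbox and belong in blocklists and hunting queries; they are not an invitation to log into that account. A hit on 66.29.151.236:587 from a process that is not a mail client is the strong signal; correlate the network hit with the originating process before declaring an infection, since SMTP submission to a hosting provider's relay can also be legitimate.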
Targets
Target: cb6670f4f7b6a07c25f521019626dbd56cd7a2d4ffbb754769a3dc0e4fe713ec.exe
AgentTesla
Agent Tesla is a .NET-based information stealer and remote access tool (RAT), written in Visual Basic .NET; the extracted configuration for this sample shows it exfiltrating over SMTP.
Adds Run key to start application
Writes a value under a registry Run key so the payload is launched again at logon (persistence). The report does not show the value name or the path it points to.
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP. The request itself looks benign, so the useful indicator is which process issues it, not the destination.
Suspicious use of SetThreadContext
SetThreadContext applied to a thread of another process is the API step that redirects execution in process hollowing (create a process suspended, write the payload into it, set the thread context to the new entry point, resume the thread). The signature alone records only the call; it does not by itself show the whole sequence.
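A way to see how the three signatures above are derived from observed behaviour, as an added example that is not the sandbox's own rule set. A constructed event trace (pids 1234 and 1300, the registry value name svc and its path, and the list of IP lookup hosts are all assumptions) is matched against one small rule per signature. A fourth check goes beyond the report by looking for the full create-suspended / write / SetThreadContext / ResumeThread sequence of process hollowing, which the single SetThreadContext signature does not establish on its own.

```python
"""Re-derive the report's behavioural signatures from an event trace.
Added example with a constructed trace; not the sandbox's own rules."""
from collections import defaultdict

RUN_KEY_SUFFIXES = (
    r"\Microsoft\Windows\CurrentVersion\Run",
    r"\Microsoft\Windows\CurrentVersion\RunOnce",
)
# Assumed set of common external-IP lookup services; the report does not
# say which one this sample contacted.
IP_LOOKUP_HOSTS = {"checkip.dyndns.org", "api.ipify.org",
                   "icanhazip.com", "ip-api.com"}
CREATE_SUSPENDED = 0x00000004  # CreateProcess dwCreationFlags bit

# Constructed trace: pid 1234 is the sample, pid 1300 a child it creates,
# pid 2000 an unrelated process doing benign things.
TRACE = [
    {"type": "api", "pid": 1234, "api": "CreateProcessW",
     "flags": CREATE_SUSPENDED, "target_pid": 1300},
    {"type": "api", "pid": 1234, "api": "WriteProcessMemory", "target_pid": 1300},
    {"type": "api", "pid": 1234, "api": "SetThreadContext", "target_pid": 1300},
    {"type": "api", "pid": 1234, "api": "ResumeThread", "target_pid": 1300},
    {"type": "reg_set", "pid": 1300,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "name": "svc", "value": r"C:\Users\user\AppData\Roaming\svc\svc.exe"},
    {"type": "http", "pid": 1300, "host": "checkip.dyndns.org", "path": "/"},
    {"type": "reg_set", "pid": 2000,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced",
     "name": "Hidden", "value": "1"},
    # SetThreadContext on the caller's own process is common and not flagged.
    {"type": "api", "pid": 2000, "api": "SetThreadContext", "target_pid": 2000},
]


def sig_run_key(trace):
    """Registry writes under a Run/RunOnce key (persistence at logon)."""
    return [e for e in trace if e["type"] == "reg_set"
            and any(e["key"].lower().endswith(s.lower()) for s in RUN_KEY_SUFFIXES)]


def sig_ip_lookup(trace):
    """HTTP requests to a known external-IP lookup service."""
    return [e for e in trace if e["type"] == "http"
            and e["host"].lower() in IP_LOOKUP_HOSTS]


def sig_setthreadcontext(trace):
    """Cross-process SetThreadContext only; same-process use is routine."""
    return [e for e in trace if e["type"] == "api"
            and e["api"] == "SetThreadContext" and e["target_pid"] != e["pid"]]


def _in_order(seq, wanted):
    it = iter(seq)  # each `w in it` consumes up to and including w
    return all(w in it for w in wanted)


def hollowing_chains(trace):
    """(caller, target) pairs showing create-suspended, write, SetThreadContext,
    ResumeThread in that order against the same child process."""
    per_pair = defaultdict(list)
    for e in trace:
        if e["type"] == "api" and e.get("target_pid") not in (None, e["pid"]):
            per_pair[(e["pid"], e["target_pid"])].append(e)
    chains = []
    for pair, calls in per_pair.items():
        suspended = any(c["api"].startswith("CreateProcess")
                        and c.get("flags", 0) & CREATE_SUSPENDED for c in calls)
        apis = [c["api"] for c in calls]
        if suspended and _in_order(apis, ["WriteProcessMemory",
                                          "SetThreadContext", "ResumeThread"]):
            chains.append(pair)
    return chains


SIGNATURES = {
    "Adds Run key to start application": sig_run_key,
    "Looks up external IP address via web service": sig_ip_lookup,
    "Suspicious use of SetThreadContext": sig_setthreadcontext,
    "Process hollowing API sequence (beyond the report)": hollowing_chains,
}


def evaluate(trace):
    """Map each signature name to its hits, omitting signatures with none."""
    result = {}
    for name, rule in SIGNATURES.items():
        hits = rule(trace)
        if hits:
            result[name] = hits
    return result


if __name__ == "__main__":
    for name, hits in evaluate(TRACE).items():
        print(f"{name}: {hits}")
```

The three report signatures are deliberately cheap, single-event rules, which is why a sandbox can fire them reliably; the hollowing check shows the extra state (grouping calls by caller and target, ordering them) needed to turn "SetThreadContext was called" into "this process replaced the image of that child".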