General
-
Target
826d8202d71324a5d3b0b76f33e8633d791e0cd0e8d1130c03a612458f9d7d77.exe
-
Size
699KB
-
Sample
240518-k7hyssda68
-
MD5
7f6851319c375942e2e88afdb6b2a752
-
SHA1
38cf3164eac0d413acd4d5b92ae1cf18139be7a6
-
SHA256
826d8202d71324a5d3b0b76f33e8633d791e0cd0e8d1130c03a612458f9d7d77
-
SHA512
e4e6e04eef53f714b9d1e7cd2c975cf7f3ff20d6abfb6de734b378ccdd1553e359de39707fecc53d0ef2e4020d9b1d6f68ff72d7e7575e69f9596ab6ae65ada3
-
SSDEEP
12288:TdrLbDZaNRpndZloSEI1BzEkmZLpfy9NkgaYb2egKRBM0/RaxBLsUtJ6U8JMBQ:RLDZMRpndLwZLpaqqvgspaxtsUyZJd
Static task
static1
Behavioral task
behavioral1
Sample
826d8202d71324a5d3b0b76f33e8633d791e0cd0e8d1130c03a612458f9d7d77.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
826d8202d71324a5d3b0b76f33e8633d791e0cd0e8d1130c03a612458f9d7d77.exe
Resource
win10v2004-20240426-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.ipr-co.org - Port:
587 - Username:
[email protected] - Password:
IPRco@100102@ - Email To:
[email protected]
Extracted
Protocol: smtp- Host:
mail.ipr-co.org - Port:
587 - Username:
[email protected] - Password:
IPRco@100102@
Targets
-
-
Target
826d8202d71324a5d3b0b76f33e8633d791e0cd0e8d1130c03a612458f9d7d77.exe
-
Size
699KB
-
MD5
7f6851319c375942e2e88afdb6b2a752
-
SHA1
38cf3164eac0d413acd4d5b92ae1cf18139be7a6
-
SHA256
826d8202d71324a5d3b0b76f33e8633d791e0cd0e8d1130c03a612458f9d7d77
-
SHA512
e4e6e04eef53f714b9d1e7cd2c975cf7f3ff20d6abfb6de734b378ccdd1553e359de39707fecc53d0ef2e4020d9b1d6f68ff72d7e7575e69f9596ab6ae65ada3
-
SSDEEP
12288:TdrLbDZaNRpndZloSEI1BzEkmZLpfy9NkgaYb2egKRBM0/RaxBLsUtJ6U8JMBQ:RLDZMRpndLwZLpaqqvgspaxtsUyZJd
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-