General
- Target: f3d8f1a28bc27419a3f91c2bb772e94e5221e598d1e0acba09e814354fa46ed6.exe
- Size: 713KB
- Sample: 240518-k9vqdadc4w
- MD5: b5a3d9c1584e82409a3651f03127983c
- SHA1: 84ab921d6ba17f28679330b2863f90331cc2c70e
- SHA256: f3d8f1a28bc27419a3f91c2bb772e94e5221e598d1e0acba09e814354fa46ed6
- SHA512: ed0a64ac59212e2008cc468c3929c57740b62716569ef8a8fa77d9899449c0f518d18982fac770d6635bfa71be0808c1a5940ff9921e2a89c5052ebaa6527f0a
- SSDEEP: 12288:0fdrLbDZaNRplJc6lDTD6V2pv25r2/i2bV576dIpcZ9yrCFqBqi/1aM5jtkR:mLDZMRpncGDTGVl5rmNx57m9FqBqi/1S
Static task: static1
Behavioral task: behavioral1
- Sample: f3d8f1a28bc27419a3f91c2bb772e94e5221e598d1e0acba09e814354fa46ed6.exe
- Resource: win7-20240220-en
Behavioral task: behavioral2
- Sample: f3d8f1a28bc27419a3f91c2bb772e94e5221e598d1e0acba09e814354fa46ed6.exe
- Resource: win10v2004-20240426-en
Malware Config
Extracted (agenttesla)
- Protocol: smtp
- Host: mail.alitextile.com
- Port: 587
- Username: [email protected]
- Password: Myname321@
- Email To: [email protected]
Extracted
- Protocol: smtp
- Host: mail.alitextile.com
- Port: 587
- Username: [email protected]
- Password: Myname321@
Targets
- Target: f3d8f1a28bc27419a3f91c2bb772e94e5221e598d1e0acba09e814354fa46ed6.exe
Score: 10/10
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext