General
-
Target
645a3812f159bc9a5bb58ccc5d507ea03ace7819b8f7bb45156f3e3b48f7e607.exe
-
Size
403KB
-
Sample
240518-larecadc7v
-
MD5
a31aa0b68415520dba9357caa5f77756
-
SHA1
a4e034c9f78a3032788e97677635e84e1bcd0170
-
SHA256
645a3812f159bc9a5bb58ccc5d507ea03ace7819b8f7bb45156f3e3b48f7e607
-
SHA512
9c5844eff53227e99bdbc52fac5e62e85952aa4e58516f85f1c2e211984936195f41784b305c5c8267880f9cbb3adcb09dedc4d3d1a9c7c4212e6cc8a52b5db7
-
SSDEEP
1536:4Y8lD5pvVORG695kJtwCeZ746DyQbhp/w7FVQ7qPpqOLy0uyL+fh:aHpvriaJr2YQbhtwRmYuyc
Static task
static1
Behavioral task
behavioral1
Sample
645a3812f159bc9a5bb58ccc5d507ea03ace7819b8f7bb45156f3e3b48f7e607.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
645a3812f159bc9a5bb58ccc5d507ea03ace7819b8f7bb45156f3e3b48f7e607.exe
Resource
win10v2004-20240426-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
gator3220.hostgator.com - Port:
587 - Username:
[email protected] - Password:
OBC#75@tsGreenPass@5974a - Email To:
[email protected]
Targets
-
-
Target
645a3812f159bc9a5bb58ccc5d507ea03ace7819b8f7bb45156f3e3b48f7e607.exe
-
Size
403KB
-
MD5
a31aa0b68415520dba9357caa5f77756
-
SHA1
a4e034c9f78a3032788e97677635e84e1bcd0170
-
SHA256
645a3812f159bc9a5bb58ccc5d507ea03ace7819b8f7bb45156f3e3b48f7e607
-
SHA512
9c5844eff53227e99bdbc52fac5e62e85952aa4e58516f85f1c2e211984936195f41784b305c5c8267880f9cbb3adcb09dedc4d3d1a9c7c4212e6cc8a52b5db7
-
SSDEEP
1536:4Y8lD5pvVORG695kJtwCeZ746DyQbhp/w7FVQ7qPpqOLy0uyL+fh:aHpvriaJr2YQbhtwRmYuyc
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-