General
-
Target
57a398dff9d4f68861c268582db4c71ed7a685e1e87e65f1e685b1acaad10c2c.rar
-
Size
667KB
-
Sample
240518-lbd6eadc37
-
MD5
5a89daa1e050cba1779cde2763012b64
-
SHA1
ef9d48ec4a12917b7d7dcdeab8fc874a18ba2fb5
-
SHA256
57a398dff9d4f68861c268582db4c71ed7a685e1e87e65f1e685b1acaad10c2c
-
SHA512
d449555dddb95471691bcad103d19673605d87749006b0d89d7b0238284364cfea9c6a097353707bc857b61a30fcf59e31ac2a2c54b1cd94b609f44c2ef5ade8
-
SSDEEP
12288:cbRWTEkkRkID5X8uaZ/BRu7D69JDABhMVGdVmb2b+oHQamiA7Z2CmDB4:CyclNsxZ/BR/sBWVImqb+ymivCmDB4
Static task
static1
Behavioral task
behavioral1
Sample
PO#7A68D23.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
PO#7A68D23.exe
Resource
win10v2004-20240426-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.ipr-co.org - Port:
587 - Username:
[email protected] - Password:
IPRco@100102@ - Email To:
[email protected]
Extracted
Protocol: smtp- Host:
mail.ipr-co.org - Port:
587 - Username:
[email protected] - Password:
IPRco@100102@
Targets
-
-
Target
PO#7A68D23.exe
-
Size
699KB
-
MD5
7f6851319c375942e2e88afdb6b2a752
-
SHA1
38cf3164eac0d413acd4d5b92ae1cf18139be7a6
-
SHA256
826d8202d71324a5d3b0b76f33e8633d791e0cd0e8d1130c03a612458f9d7d77
-
SHA512
e4e6e04eef53f714b9d1e7cd2c975cf7f3ff20d6abfb6de734b378ccdd1553e359de39707fecc53d0ef2e4020d9b1d6f68ff72d7e7575e69f9596ab6ae65ada3
-
SSDEEP
12288:TdrLbDZaNRpndZloSEI1BzEkmZLpfy9NkgaYb2egKRBM0/RaxBLsUtJ6U8JMBQ:RLDZMRpndLwZLpaqqvgspaxtsUyZJd
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-