General
Target: cbf0411886b4367a9fb71a8822c4b258a8dc7641de783dea7ff89b91eba7922f
Size: 1.0MB
Sample: 240519-bklazaad4w
MD5: 9bd835de046c6820faa61c12f5ccfd01
SHA1: 7f7e3726c785b42965b948ab9b652fad91f4a8e9
SHA256: cbf0411886b4367a9fb71a8822c4b258a8dc7641de783dea7ff89b91eba7922f
SHA512: af0770dc98b24dc7c977e82f2b058ca0dc373a4a4f776b6f5e75706788384e860f3d5c4fc80154646656dd64c0707df4bd076942c243c066f67a713d43352fb8
SSDEEP: 24576:9AHnh+eWsN3skA4RV1Hom2KXMmHaitC+YwoZgwi5:ch+ZkldoPK8YaiEsoZg1
Static task: static1
Behavioral task: behavioral1
  Sample: cbf0411886b4367a9fb71a8822c4b258a8dc7641de783dea7ff89b91eba7922f.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: cbf0411886b4367a9fb71a8822c4b258a8dc7641de783dea7ff89b91eba7922f.exe
  Resource: win10v2004-20240226-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.marinasands.gr
Port: 587
Username: [email protected]
Password: ;lHJ#%M!iBh-
Email To: [email protected]
Targets
Target: cbf0411886b4367a9fb71a8822c4b258a8dc7641de783dea7ff89b91eba7922f
Score: 10/10
AgentTesla
Agent Tesla is a .NET remote access tool (RAT) and information stealer, originally written in Visual Basic .NET. It harvests credentials, keystrokes and clipboard contents and exfiltrates them over SMTP, FTP or HTTP; the extracted config above shows this build using SMTP through mail.marinasands.gr on port 587, with the mailbox credentials embedded in the binary.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP. Agent Tesla includes the victim's public IP in the report it mails out, so this request is typically the first network indicator and precedes the SMTP exfiltration.

Suspicious use of SetThreadContext
SetThreadContext is a legitimate Win32 API, but loaders commonly call it during process hollowing (RunPE): a host process is created suspended, the payload is written into it, and SetThreadContext redirects the main thread's entry point before ResumeThread. Seeing it alongside a suspended child process is a strong indicator of injection rather than ordinary debugging.
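The two network behaviours in this report (an IP-lookup request followed by SMTP to the configured exfil host) can be turned into a simple egress-log detection. The following is an added example, not part of the sandbox report or of the Agent Tesla sample: the exfil host and port are taken from the extracted config above, while the log format, the workstation names (WS-014 and so on) and the concrete IP-lookup service hostnames are constructed assumptions for the example.

```python
"""Egress-log detection for the Agent Tesla SMTP exfil pattern in the report above.

Added example. The exfil host/port come from the extracted config; the log
format, workstation names and IP-lookup hostnames are constructed assumptions.
"""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# From the extracted Agent Tesla config on this page.
EXFIL_HOST = "mail.marinasands.gr"
EXFIL_PORT = 587

# The report only says "a legitimate IP lookup service"; these concrete
# service names are an assumption for the example.
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com"}

# Constructed egress log lines (not from the report):
# "<ts> <src_host> <proto> <dst_host> <dst_port> [detail]"
SAMPLE_LOGS = """\
2024-05-19T10:00:01Z WS-014 tcp api.ipify.org 80 GET /
2024-05-19T10:00:03Z WS-014 tcp mail.marinasands.gr 587
2024-05-19T10:00:07Z WS-022 tcp smtp.office365.com 587
2024-05-19T10:00:09Z WS-031 tcp icanhazip.com 443 GET /
2024-05-19T10:01:15Z WS-014 tcp mail.marinasands.gr 587
2024-05-19T11:30:00Z WS-031 tcp mail.marinasands.gr 587
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<proto>\S+) (?P<dst>\S+) (?P<port>\d+)(?: (?P<detail>.*))?$"
)


@dataclass(frozen=True)
class Event:
    ts: datetime
    src: str
    proto: str
    dst: str
    port: int
    detail: str


def parse_logs(text: str) -> list[Event]:
    """Parse the constructed log format; malformed lines are skipped, not fatal."""
    events: list[Event] = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LOG_RE.match(line)
        if not m:
            continue
        ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
        events.append(Event(ts, m["src"], m["proto"], m["dst"].lower(),
                            int(m["port"]), m["detail"] or ""))
    return events


def exfil_events(events: list[Event]) -> list[Event]:
    """Direct hits: any connection to the configured SMTP exfil host and port."""
    return [e for e in events if e.dst == EXFIL_HOST and e.port == EXFIL_PORT]


def correlated_hosts(events: list[Event], window: timedelta = timedelta(minutes=5)) -> set[str]:
    """Hosts that query an IP-lookup service and then reach the exfil host within `window`.

    This mirrors the sandbox sequence: the stealer resolves its public IP for the
    report body, then mails the report out. A lookup outside the window is not
    correlated, so a host that only hits the exfil host still shows up via exfil_events().
    """
    lookups: dict[str, list[datetime]] = defaultdict(list)
    for e in events:
        if e.dst in IP_LOOKUP_HOSTS:
            lookups[e.src].append(e.ts)
    flagged: set[str] = set()
    for e in exfil_events(events):
        if any(timedelta(0) <= e.ts - t <= window for t in lookups.get(e.src, [])):
            flagged.add(e.src)
    return flagged


def suricata_dns_rule(sid: int) -> str:
    """DNS rule for the exfil host. SMTP on 587 normally upgrades to STARTTLS,
    so the hostname is most reliably observed in the DNS query, not the SMTP payload."""
    return (f'alert dns $HOME_NET any -> any any (msg:"Agent Tesla SMTP exfil host '
            f'{EXFIL_HOST}"; dns.query; content:"{EXFIL_HOST}"; nocase; sid:{sid}; rev:1;)')


if __name__ == "__main__":
    evs = parse_logs(SAMPLE_LOGS)
    for e in exfil_events(evs):
        print(f"exfil  {e.ts.isoformat()} {e.src} -> {e.dst}:{e.port}")
    print("lookup-then-exfil hosts:", sorted(correlated_hosts(evs)))
    print(suricata_dns_rule(9000001))
```

In the constructed data WS-014 shows the full lookup-then-mail sequence and is flagged by the correlation; WS-031 reaches the exfil host but its IP lookup is outside the five-minute window, so it appears only as a direct exfil hit; WS-022's legitimate Office 365 SMTP traffic on the same port is not flagged, which is why the match is on the configured host rather than on port 587 alone. Do not use the extracted mailbox credentials to log in to the account; record them as indicators and report the abuse to the mail provider.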