General
-
Target
a2af1ab3dfa43f53d50c2b2e555404a79a93352bb3be48eacafbe02385d7f5b8
-
Size
2.3MB
-
Sample
240519-bmv8ysag68
-
MD5
ae254556475fdb5cbacc196456c6915e
-
SHA1
b87480589f905a3992e67fcb7e45137135cbf994
-
SHA256
a2af1ab3dfa43f53d50c2b2e555404a79a93352bb3be48eacafbe02385d7f5b8
-
SHA512
00906ee1742d65e5fc6d3ffaf0e09ab91b9dcb621d281b764ab324dcf51127e5d61878dea0a3aac158babd1e66818d406a0e3966465ba1a04ffbe39c4db3e371
-
SSDEEP
49152:g77ENwgV4bmzCH+5gPEzhM86GqfbSN/Zz9WZqOdhueP:oQNhVEH++ElfOkZz9WoOdhueP
Static task
static1
Behavioral task
behavioral1
Sample
a2af1ab3dfa43f53d50c2b2e555404a79a93352bb3be48eacafbe02385d7f5b8.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
a2af1ab3dfa43f53d50c2b2e555404a79a93352bb3be48eacafbe02385d7f5b8.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.apexrnun.com - Port:
587 - Username:
[email protected] - Password:
CCu5Z?WuH+bS4hsz - Email To:
[email protected]
Extracted
Protocol: smtp- Host:
mail.apexrnun.com - Port:
587 - Username:
[email protected] - Password:
CCu5Z?WuH+bS4hsz
Targets
-
-
Target
a2af1ab3dfa43f53d50c2b2e555404a79a93352bb3be48eacafbe02385d7f5b8
-
Size
2.3MB
-
MD5
ae254556475fdb5cbacc196456c6915e
-
SHA1
b87480589f905a3992e67fcb7e45137135cbf994
-
SHA256
a2af1ab3dfa43f53d50c2b2e555404a79a93352bb3be48eacafbe02385d7f5b8
-
SHA512
00906ee1742d65e5fc6d3ffaf0e09ab91b9dcb621d281b764ab324dcf51127e5d61878dea0a3aac158babd1e66818d406a0e3966465ba1a04ffbe39c4db3e371
-
SSDEEP
49152:g77ENwgV4bmzCH+5gPEzhM86GqfbSN/Zz9WZqOdhueP:oQNhVEH++ElfOkZz9WoOdhueP
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-