General
- Target: bd7e5c87f49602b8510f3f2bdc4b54d0f3a0c36a8712b0e823d6eeb640c6ee0b
- Size: 1023KB
- Sample: 240519-bmwvgsaf2v
- MD5: 4562898670e9e060dc9a403ff6f00d38
- SHA1: a66018fa370732433ab2b131101b9750d3065a32
- SHA256: bd7e5c87f49602b8510f3f2bdc4b54d0f3a0c36a8712b0e823d6eeb640c6ee0b
- SHA512: 265465649a654574df54a5a0ef925b1a00ffa7dbcf2f2e0ee1852866b755fa2e096c0abaab9ede80d7bb4fc8873a03599fc0ff7acf1aace61d5d52e680e9beee
- SSDEEP: 24576:AbDG+hkszyqFaciQSQ+HEoT4O+g1oyTNuivUibF:IG+h9O0mQX6EI+KoMzMibF
Static task: static1
Behavioral task: behavioral1
- Sample: bd7e5c87f49602b8510f3f2bdc4b54d0f3a0c36a8712b0e823d6eeb640c6ee0b.exe
- Resource: win7-20240508-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.lilydesign.com.tr
- Port: 587
- Username: [email protected]
- Password: 0508Lily0508Lily*
- Email To: [email protected]
Targets
- Target: bd7e5c87f49602b8510f3f2bdc4b54d0f3a0c36a8712b0e823d6eeb640c6ee0b
- Size: 1023KB
- MD5: 4562898670e9e060dc9a403ff6f00d38
- SHA1: a66018fa370732433ab2b131101b9750d3065a32
- SHA256: bd7e5c87f49602b8510f3f2bdc4b54d0f3a0c36a8712b0e823d6eeb640c6ee0b
- SHA512: 265465649a654574df54a5a0ef925b1a00ffa7dbcf2f2e0ee1852866b755fa2e096c0abaab9ede80d7bb4fc8873a03599fc0ff7acf1aace61d5d52e680e9beee
- SSDEEP: 24576:AbDG+hkszyqFaciQSQ+HEoT4O+g1oyTNuivUibF:IG+h9O0mQX6EI+KoMzMibF
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext