General
-
Target
19052024_0210_16052024_IMG_011160528.7z
-
Size
27KB
-
Sample
240519-clxk3adc63
-
MD5
90184b17fa2d0f7771382a1dc43434b1
-
SHA1
fd0cc4b8a5f911039a292b35dc64b25eb5b38a79
-
SHA256
43838a45bee0933aa37d516f28180fc23f48db6a47a58cf0613f564edb8846e9
-
SHA512
44ceb3c27fe9ebaf00c0040d4b4f2bd934d25cecb57b8518f9b31ccc86065c905ef9a538a864fe39a6451db105136d9ae9499e561dc579ae8f36333559716f17
-
SSDEEP
768:6n5Auzt8mmAfyDyw52znT/wWuNcfp5TkcQfD+3NT:3uzMAaOwanTo5iRicQ0h
Static task
static1
Behavioral task
behavioral1
Sample
IMG_011160528.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
IMG_011160528.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: 66.29.151.236
Port: 587
Username: [email protected]
Password: AvydGQ8TIDH9
Email To: [email protected]
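The extracted config above is the most actionable part of the report: the stealer sends its loot over SMTP submission (port 587) to a fixed host using a hard-coded mailbox password. The following is an added example, not part of the sandbox report, showing how an analyst might turn that config into a check over captured SMTP session records. The log format (a constructed tab-separated layout with timestamp, source, destination, port, SMTP command and argument) and the sample lines are invented for the example; the mailbox name is redacted on the report page, so the sample uses a placeholder address and matching relies on host, port and the AUTH PLAIN password only.

```python
"""Match captured SMTP session records against the AgentTesla SMTP config
extracted by the sandbox. Added example code; not part of the report."""
import base64
from dataclasses import dataclass

# Indicators copied from the report's "Malware Config" block. The username /
# recipient mailbox is redacted on the page, so it is not used here.
C2_HOST = "66.29.151.236"
C2_PORT = 587
C2_PASSWORD = "AvydGQ8TIDH9"


@dataclass
class SmtpEvent:
    ts: float
    src: str
    dst: str
    dport: int
    command: str
    argument: str


def parse_line(line: str) -> SmtpEvent:
    """Parse one record of the constructed TSV layout:
    ts <tab> src <tab> dst <tab> dport <tab> command <tab> argument"""
    ts, src, dst, dport, command, argument = line.rstrip("\n").split("\t", 5)
    return SmtpEvent(float(ts), src, dst, int(dport), command.upper(), argument)


def auth_plain_password(argument: str):
    """Return the password carried by an 'AUTH PLAIN <base64>' argument, or None.
    The SASL PLAIN payload is authzid NUL authcid NUL passwd (RFC 4616)."""
    parts = argument.split()
    if len(parts) != 2 or parts[0].upper() != "PLAIN":
        return None
    try:
        decoded = base64.b64decode(parts[1], validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    fields = decoded.split(b"\x00")
    if len(fields) != 3:
        return None
    return fields[2].decode("utf-8", "replace")


def classify(event: SmtpEvent) -> list[str]:
    """Return the list of reasons this event matches the extracted config."""
    reasons = []
    if event.dst == C2_HOST and event.dport == C2_PORT:
        reasons.append(f"destination {event.dst}:{event.dport} matches extracted AgentTesla SMTP host")
    if event.command == "AUTH" and auth_plain_password(event.argument) == C2_PASSWORD:
        reasons.append("AUTH PLAIN password matches extracted AgentTesla config")
    return reasons


def scan(log_text: str) -> list[tuple[SmtpEvent, list[str]]]:
    """Return every (event, reasons) pair that matched at least one indicator."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        event = parse_line(line)
        reasons = classify(event)
        if reasons:
            hits.append((event, reasons))
    return hits


def _auth_plain(user: str, password: str) -> str:
    """Build a SASL PLAIN blob the way an SMTP client would (used for sample data)."""
    return base64.b64encode(b"\x00" + user.encode() + b"\x00" + password.encode()).decode()


# Constructed sample: one benign session to an unrelated relay, then one
# session that looks like the stealer's exfil. The mailbox is a placeholder
# (the real one is redacted on the report page).
SAMPLE_LOG = "\n".join([
    "1716100001.1\t10.0.0.5\t203.0.113.9\t587\tEHLO\tworkstation",
    "1716100001.2\t10.0.0.5\t203.0.113.9\t587\tAUTH\tPLAIN " + _auth_plain("bob", "hunter2"),
    "1716100011.0\t10.0.0.7\t66.29.151.236\t587\tEHLO\tDESKTOP-ABC123",
    "1716100011.1\t10.0.0.7\t66.29.151.236\t587\tAUTH\tPLAIN "
    + _auth_plain("redacted@example.invalid", C2_PASSWORD),
    "1716100011.2\t10.0.0.7\t66.29.151.236\t587\tMAIL\tFROM:<redacted@example.invalid>",
])

if __name__ == "__main__":
    for event, reasons in scan(SAMPLE_LOG):
        print(f"{event.ts:.1f} {event.src} -> {event.dst}:{event.dport} {event.command}: {'; '.join(reasons)}")
```

The password check only fires when the client uses AUTH PLAIN in the clear; if the session negotiates STARTTLS before authenticating, only the host/port indicator remains visible on the wire, which is why both checks are kept independent.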
Targets
-
Target
IMG_011160528.exe
-
Size
66KB
-
MD5
6b922539f1cbc89ca73ac0d9bc5df9a0
-
SHA1
b93e8aec68e05730de4b9b2abe14190f7e8f3e58
-
SHA256
cb6670f4f7b6a07c25f521019626dbd56cd7a2d4ffbb754769a3dc0e4fe713ec
-
SHA512
460c2d4e9a6f7c39d94c88530928436492852497f58ef95daec9a2d00d7e1921a805294044a0cfbd9ed37ef0df3a46a2b413c83eb6234fbf6f1acdeb49775014
-
SSDEEP
1536:V04E/c6ODf/L/EYonabLDnXW+6RFJT9Z8BJQ2rs3hGH:2/7/FJBZMJQ2rpH
-
AgentTesla
Agent Tesla is a remote access tool (RAT) and credential stealer written in Visual Basic .NET.
-
Adds Run key to start application
Persistence through a Run registry key, so the payload is launched again at the next logon.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
SetThreadContext on another process's thread is the usual way to redirect a suspended thread's entry point during process hollowing or other code injection.
-