General
-
Target
165b5c3138801714eac7bc3f21f48adcdf2974931f611c9297de06064f8f96aa
-
Size
1.1MB
-
Sample
240521-br35csea51
-
MD5
35c7b17806d7bf19b876494331facdc2
-
SHA1
e329a04ca002bba4035156d0ede400ac76da3ff9
-
SHA256
165b5c3138801714eac7bc3f21f48adcdf2974931f611c9297de06064f8f96aa
-
SHA512
87e6df241de0b6bff063dc13e4017d61eacf539a3fff1a56168d2881fcac120ecd5bb985f8a91f7e75d4dbbdeb2561e930a4e3e5b1efeebeebbd02aa47b3047d
-
SSDEEP
24576:KUYVW+vMHWCbBmvkFRdtdrzJXfHdzU/GZa4fsIchjz2X7ZD2Kcl:8JLCbBisdDrzcI6P/I7ZSKcl
Static task
static1
Behavioral task
behavioral1
Sample
165b5c3138801714eac7bc3f21f48adcdf2974931f611c9297de06064f8f96aa.xlsx
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
165b5c3138801714eac7bc3f21f48adcdf2974931f611c9297de06064f8f96aa.xlsx
Resource
win10v2004-20240426-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.fasmacopy.gr - Port:
587 - Username:
[email protected] - Password:
Fam28sjd - Email To:
[email protected]
Targets
-
-
Target
165b5c3138801714eac7bc3f21f48adcdf2974931f611c9297de06064f8f96aa
-
Size
1.1MB
-
MD5
35c7b17806d7bf19b876494331facdc2
-
SHA1
e329a04ca002bba4035156d0ede400ac76da3ff9
-
SHA256
165b5c3138801714eac7bc3f21f48adcdf2974931f611c9297de06064f8f96aa
-
SHA512
87e6df241de0b6bff063dc13e4017d61eacf539a3fff1a56168d2881fcac120ecd5bb985f8a91f7e75d4dbbdeb2561e930a4e3e5b1efeebeebbd02aa47b3047d
-
SSDEEP
24576:KUYVW+vMHWCbBmvkFRdtdrzJXfHdzU/GZa4fsIchjz2X7ZD2Kcl:8JLCbBisdDrzcI6P/I7ZSKcl
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-