General
Target: cd33a4d316a698e903c39052eabe8f10ba82408484dd3f3cdf1f236ff56bbab0
Size: 3.1MB
Sample: 240522-by4z8sgc81
MD5: f014ae406589298370217df18a06baaa
SHA1: af8a5277ac8828f4aa36218391abdaac95ad348e
SHA256: cd33a4d316a698e903c39052eabe8f10ba82408484dd3f3cdf1f236ff56bbab0
SHA512: 775c0680d8ddba45e5357ffdd6def48f60551347fdb6d8a49b60c12b847aab6844087dcd954416bff15686edf49a2006a35dbcbeae2cd67a2fd5f26ffd2f7338
SSDEEP: 49152:vD02uh5g16rRugWGrZWqFGVCv1i+2KErruFVlbVvaB9Gy6meCMyFtd9wX:vj1cRa8kqHvo/KAuLbNaDanyFD6X
Static task: static1
Behavioral task: behavioral1
  Sample: cd33a4d316a698e903c39052eabe8f10ba82408484dd3f3cdf1f236ff56bbab0.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: cd33a4d316a698e903c39052eabe8f10ba82408484dd3f3cdf1f236ff56bbab0.exe
  Resource: win10v2004-20240426-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: mail.apexrnun.com
  Port: 587
  Username: [email protected]
  Password: th8k5XTA1sG(5$rx
  Email To: [email protected]
Extracted
  Protocol: smtp
  Host: mail.apexrnun.com
  Port: 587
  Username: [email protected]
  Password: th8k5XTA1sG(5$rx
Targets
Target: cd33a4d316a698e903c39052eabe8f10ba82408484dd3f3cdf1f236ff56bbab0
Size: 3.1MB
MD5: f014ae406589298370217df18a06baaa
SHA1: af8a5277ac8828f4aa36218391abdaac95ad348e
SHA256: cd33a4d316a698e903c39052eabe8f10ba82408484dd3f3cdf1f236ff56bbab0
SHA512: 775c0680d8ddba45e5357ffdd6def48f60551347fdb6d8a49b60c12b847aab6844087dcd954416bff15686edf49a2006a35dbcbeae2cd67a2fd5f26ffd2f7338
SSDEEP: 49152:vD02uh5g16rRugWGrZWqFGVCv1i+2KErruFVlbVvaB9Gy6meCMyFtd9wX:vj1cRa8kqHvo/KAuLbNaDanyFD6X
Score: 10/10
Signatures:
  AgentTesla
    Agent Tesla is a remote access tool (RAT) written in Visual Basic.
  Looks up external IP address via web service
    Uses a legitimate IP lookup service to find the infected system's external IP.
  Suspicious use of SetThreadContext