General
-
Target
2fb680ad3d71082b098f86c2e0951771327e41f3f91f8e985fd5af4a3e19afb5
-
Size
419KB
-
Sample
240522-wt77babe4x
-
MD5
b42c1ef915b84e3d0bbb1195eb4b2eca
-
SHA1
adb82027b3418dc70226f3eb0c8a562b5c82f839
-
SHA256
2fb680ad3d71082b098f86c2e0951771327e41f3f91f8e985fd5af4a3e19afb5
-
SHA512
a3d5ff235e15c1168983266fb4a4252af11f720bf3a1069cb2dce6373972359e5a75e81f546d9cc33d6c84c158b56b008a52fec904074f8269f4d5ce37a496fd
-
SSDEEP
6144:/9X0GEh9EyWfqG2ts8KYV/i43TsgyT4O/f/KNC8pb+P+AoJb0EerVrBETw0Augjo:J0VEsvPZG/XUC8pU+AoB+VrBET10o
Static task
static1
Behavioral task
behavioral1
Sample
2fb680ad3d71082b098f86c2e0951771327e41f3f91f8e985fd5af4a3e19afb5.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
2fb680ad3d71082b098f86c2e0951771327e41f3f91f8e985fd5af4a3e19afb5.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win7-20231129-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/nsExec.dll
Resource
win7-20240508-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/nsExec.dll
Resource
win10v2004-20240508-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
neontechvendors.com - Port:
587 - Username:
[email protected] - Password:
Mustfly@90 - Email To:
[email protected]
Targets
-
-
Target
2fb680ad3d71082b098f86c2e0951771327e41f3f91f8e985fd5af4a3e19afb5
-
Size
419KB
-
MD5
b42c1ef915b84e3d0bbb1195eb4b2eca
-
SHA1
adb82027b3418dc70226f3eb0c8a562b5c82f839
-
SHA256
2fb680ad3d71082b098f86c2e0951771327e41f3f91f8e985fd5af4a3e19afb5
-
SHA512
a3d5ff235e15c1168983266fb4a4252af11f720bf3a1069cb2dce6373972359e5a75e81f546d9cc33d6c84c158b56b008a52fec904074f8269f4d5ce37a496fd
-
SSDEEP
6144:/9X0GEh9EyWfqG2ts8KYV/i43TsgyT4O/f/KNC8pb+P+AoJb0EerVrBETw0Augjo:J0VEsvPZG/XUC8pU+AoB+VrBET10o
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
34442e1e0c2870341df55e1b7b3cccdc
-
SHA1
99b2fa21aead4b6ccd8ff2f6d3d3453a51d9c70c
-
SHA256
269d232712c86983336badb40b9e55e80052d8389ed095ebf9214964d43b6bb1
-
SHA512
4a8c57fb12997438b488b862f3fc9dc0f236e07bb47b2bce6053dcb03ac7ad171842f02ac749f02dda4719c681d186330524cd2953d33cb50854844e74b33d51
-
SSDEEP
192:jPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4I:u7VpNo8gmOyRsVc4
Score3/10 -
-
-
Target
$PLUGINSDIR/nsExec.dll
-
Size
6KB
-
MD5
ac0f93b2dec82e9579bff14c8572a6c8
-
SHA1
6460244317cbb77e342adb3561ec3acb496c84d5
-
SHA256
3aa8e0abadefea2de58281198acfe48713a1d5b43aea5619f563cea098e9fd34
-
SHA512
8055a6af150c45547927499f9cbf645d7f39c8e4f9caff4726fd711d2401abca01a79837095e5752b9f57b06446973ea6506796f2223bdb0179243d6e0575bd2
-
SSDEEP
96:5OBtEB2flLkatAthPZJoi9jpfW/er6cBbcB/NFyVOHd0+u3wEX:5hB2flXAVJtjf6cBbcB/N8Ved0PJ
Score3/10 -