General
- Target: 24dff5a1c99ed068a02b12a13493e6880d9e4556063b93074d4987bd8f50ad94
- Size: 714KB
- Sample: 240524-bph2eagb94
- MD5: d3aae3b4ed5fc6e8da5f7368c36bfb58
- SHA1: 9705b9061899d65fa591b049456f12ab55a60476
- SHA256: 24dff5a1c99ed068a02b12a13493e6880d9e4556063b93074d4987bd8f50ad94
- SHA512: b0dcf3ff91bbc8e74140c6f56b0627e3980634a6a9efb880002f62dfe378407bc5b42c7a3797edd56132174d40db9163cd3d67610d0a453814e0ed3f09428dbc
- SSDEEP: 12288:rfiIjc+ReWwGnj2hZFKr3Bwx48jxo45c714+OmEerrBxh88Z/YJGhQx0:rfd7gWwGnWZFi3GpjC45Q1nCeZ88ZwJ8
- Static task: static1
- Behavioral task: behavioral1
  Sample: 24dff5a1c99ed068a02b12a13493e6880d9e4556063b93074d4987bd8f50ad94.exe
  Resource: win7-20240221-en
- Behavioral task: behavioral2
  Sample: 24dff5a1c99ed068a02b12a13493e6880d9e4556063b93074d4987bd8f50ad94.exe
  Resource: win10v2004-20240426-en
Malware Config
Extracted
agenttesla
- Protocol: smtp
- Host: terminal4.veeblehosting.com
- Port: 587
- Username: [email protected]
- Password: Ifeanyi1987@
- Email To: [email protected]
Extracted
- Protocol: smtp
- Host: terminal4.veeblehosting.com
- Port: 587
- Username: [email protected]
- Password: Ifeanyi1987@
Targets
- Target: 24dff5a1c99ed068a02b12a13493e6880d9e4556063b93074d4987bd8f50ad94
Score: 10/10
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext