General
- Target: PO_27052024.exe
- Size: 660KB
- Sample: 240527-hsmx4acf77
- MD5: 4199d8995c4b86f6053c43cb70a87aa9
- SHA1: ae7d740bc01ae87d643f98264efa3b995365a66f
- SHA256: 74a7dd343c4fac52d9d695d8d189a1bf3d5e5578622099bdf731544df385b75d
- SHA512: e78a6a99ae8157f295a8c0cac9a0d72da5de4f4aa9e2fbaa131996e76eeb2906593d0e2bb6e82b8b733fd080cad5af1da5cea9b60be372942ac13122d6f5bbce
- SSDEEP: 12288:iuxrYCFd6xhOIHq2tGUoa/Vyljum2dQbimFl8+IjkpqyhscnFQXkR:181xh7HqmGUosV2qQbim34EhRFQC
Static task
- static1

Behavioral task
- behavioral1
  - Sample: PO_27052024.exe
  - Resource: win7-20240419-en

Behavioral task
- behavioral2
  - Sample: PO_27052024.exe
  - Resource: win10v2004-20240508-en
Malware Config

Extracted
agenttesla
- Protocol: smtp
- Host: mail.alitextile.com
- Port: 587
- Username: [email protected]
- Password: Myname321@
- Email To: [email protected]

Extracted
- Protocol: smtp
- Host: mail.alitextile.com
- Port: 587
- Username: [email protected]
- Password: Myname321@
Targets
Score: 10/10

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext