General
-
Target
6d0887ff7ad06bcc664a9c0393df240467a1ce36383311a4eea6e0fb40d05340
-
Size
616KB
-
Sample
240530-cbvzgsac8w
-
MD5
79518e1aded2254563027faf02d3ff03
-
SHA1
da6e1297a25c10da7fb301bf8abbbb2ef24b342d
-
SHA256
6d0887ff7ad06bcc664a9c0393df240467a1ce36383311a4eea6e0fb40d05340
-
SHA512
e46493401b7f6976020709d6260f647b252df9fc070549cf95c41737f1aaaeeb2c7937676fb548dcabdbe6f65fe060a3bf7fed8601d01bbdb99cb201d76389bf
-
SSDEEP
12288:i0uI8ruENu+U9WcxcupFgfYtL8UavowjCedZ:HMrBUr7piTJuK
Static task
static1
Behavioral task
behavioral1
Sample
6d0887ff7ad06bcc664a9c0393df240467a1ce36383311a4eea6e0fb40d05340.exe
Resource
win7-20240508-en
Malware Config
Extracted
xworm
5.0
172.93.222.235:7725
EaDc0m9mpwzOMMwb
-
install_file
USB.exe
Extracted
agenttesla
Protocol: smtp- Host:
s82.gocheapweb.com - Port:
587 - Username:
[email protected] - Password:
london@1759 - Email To:
[email protected]
Targets
-
-
Target
6d0887ff7ad06bcc664a9c0393df240467a1ce36383311a4eea6e0fb40d05340
-
Size
616KB
-
MD5
79518e1aded2254563027faf02d3ff03
-
SHA1
da6e1297a25c10da7fb301bf8abbbb2ef24b342d
-
SHA256
6d0887ff7ad06bcc664a9c0393df240467a1ce36383311a4eea6e0fb40d05340
-
SHA512
e46493401b7f6976020709d6260f647b252df9fc070549cf95c41737f1aaaeeb2c7937676fb548dcabdbe6f65fe060a3bf7fed8601d01bbdb99cb201d76389bf
-
SSDEEP
12288:i0uI8ruENu+U9WcxcupFgfYtL8UavowjCedZ:HMrBUr7piTJuK
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Detect Xworm Payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-