General
Target: bb36e77061553fbcab4e1bf1214d63f5e9a5b97d0dc2742bf648a3811a2678ee
Size: 773KB
Sample: 240604-bgwbrsfg7t
MD5: 213f65a7f734d0a847ae737a8282250a
SHA1: e06240e31b96105eafdb77e241dfa5d36c2853d6
SHA256: bb36e77061553fbcab4e1bf1214d63f5e9a5b97d0dc2742bf648a3811a2678ee
SHA512: 898285c54003ec890d565929489c92cfdb02841f9ee38844f1119621d0090a0dd474d42ec67e8b7de03c759619ff538f2b828ccc9d505ba19f3d2e94f857df58
SSDEEP: 12288:kYydlFw5tEy8CrmIgvbLlzVBNzkkZs6RxgNBhrJFda4XhK173K6ynX:k3nwtJ5g3lz9zTjeFrPcmh09yn
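Before relying on any finding in this report, confirm that the file on your disk is the one it describes. The following is an added example, not part of the sandbox report: it embeds the digests listed above and reports which of them disagree with a given byte string. The input bytes used in the test are constructed; the SSDEEP value is not checked here because hashlib has no fuzzy hash (use the ssdeep tool or its Python binding for that).

```python
"""Added example (not part of the report): confirm that a file on disk is the
sample this report describes before relying on its findings."""
import hashlib
from typing import Dict

ALGOS = ("md5", "sha1", "sha256", "sha512")

# Digests published in the report for the 773KB sample.
REPORTED = {
    "md5": "213f65a7f734d0a847ae737a8282250a",
    "sha1": "e06240e31b96105eafdb77e241dfa5d36c2853d6",
    "sha256": "bb36e77061553fbcab4e1bf1214d63f5e9a5b97d0dc2742bf648a3811a2678ee",
    "sha512": "898285c54003ec890d565929489c92cfdb02841f9ee38844f1119621d0090a0dd474d42ec67e8b7de03c759619ff538f2b828ccc9d505ba19f3d2e94f857df58",
}


def digests(data: bytes) -> Dict[str, str]:
    """Hex digests of `data` under every algorithm the report lists."""
    return {a: hashlib.new(a, data).hexdigest() for a in ALGOS}


def mismatches(data: bytes, expected: Dict[str, str]) -> Dict[str, str]:
    """Return {algo: actual_digest} for each expected digest that disagrees.
    An empty dict means the bytes are exactly the reported sample; a partial
    mismatch (say, only md5 differs) points at a typo in the expected value
    rather than a different file, since all four digests cover the same bytes."""
    actual = digests(data)
    return {a: actual[a] for a, want in expected.items()
            if a in actual and actual[a] != want.strip().lower()}


def is_reported_sample(path: str, expected: Dict[str, str] = REPORTED) -> bool:
    """True when the file at `path` hashes to every digest in `expected`."""
    with open(path, "rb") as fh:
        return not mismatches(fh.read(), expected)


if __name__ == "__main__":
    # Constructed input: a stand-in for a file you suspect is not the sample.
    print(mismatches(b"not the sample", REPORTED))
```

Run `is_reported_sample("path/to/bb36e770...exe")` against the file you actually pulled; anything other than an empty `mismatches` result means the report does not apply to your bytes.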
Static task: static1
Behavioral task: behavioral1
  Sample: bb36e77061553fbcab4e1bf1214d63f5e9a5b97d0dc2742bf648a3811a2678ee.exe
  Resource: win7-20240215-en
Behavioral task: behavioral2
  Sample: bb36e77061553fbcab4e1bf1214d63f5e9a5b97d0dc2742bf648a3811a2678ee.exe
  Resource: win10v2004-20240426-en
Malware Config
Extracted (agenttesla)
  Protocol: smtp
  Host: smtp.gmail.com
  Port: 587
  Username: [email protected]
  Password: tssveohxktcpzhdm
  Email To: [email protected]
Extracted
  Protocol: smtp
  Host: smtp.gmail.com
  Port: 587
  Username: [email protected]
  Password: tssveohxktcpzhdm
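The extracted config is the most actionable part of this report: the sample mails stolen data through Gmail's submission port with a dedicated mailbox and an app password. What follows is an added example, not part of the sandbox report or of Agent Tesla itself. It parses the flattened "Key: value - Key: value" text exactly as it appears on the page, flags the credential as a Google app password by shape, and runs a simple detection over constructed Sysmon Event ID 3 (network connection) records. The mailbox names are kept as the page's own "[email protected]" redaction; the event records and the mail-client allowlist are assumptions for the example.

```python
"""Added example (not part of the sandbox report): turn the Agent Tesla SMTP
config extracted above into a host-side detection."""
import re
from typing import Dict, List

# Config block as it appears on the page. The "[email protected]" strings are
# the page's own redaction of the mailbox names, kept verbatim here.
EXTRACTED_CONFIG = """Protocol: smtp- Host:
smtp.gmail.com - Port:
587 - Username:
[email protected] - Password:
tssveohxktcpzhdm - Email To:
[email protected]"""

# Fields are "Key: value" pairs joined by " - " and wrapped at arbitrary
# points, so flatten the whitespace first, then split before each "Key:".
FIELD_SPLIT = re.compile(r"\s*-\s*(?=[A-Za-z][A-Za-z ]*:)")


def parse_config(text: str) -> Dict[str, str]:
    """Map lower-cased field names ('host', 'email to', ...) to their values."""
    flat = " ".join(text.split())
    fields: Dict[str, str] = {}
    for part in FIELD_SPLIT.split(flat):
        key, _, val = part.partition(":")
        fields[key.strip().lower()] = val.strip()
    return fields


def looks_like_gmail_app_password(pw: str) -> bool:
    # Google app passwords are 16 lowercase letters (shown as 4 groups of 4).
    # A match means the actor relays through a Google mailbox, which is worth
    # an abuse report to the provider; never log in with the credential.
    return re.fullmatch(r"[a-z]{16}", pw.replace(" ", "")) is not None


# Processes expected to speak SMTP submission on a workstation (assumption for
# this example; tune to the fleet being monitored).
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}

# Constructed Sysmon Event ID 3 (network connection) records, not real telemetry.
SAMPLE_EVENTS: List[Dict[str, object]] = [
    {"Image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "DestinationHostname": "smtp.gmail.com", "DestinationPort": 587},
    {"Image": r"C:\Users\victim\AppData\Local\Temp\bb36e77061553fbcab4e1bf1214d63f5e9a5b97d0dc2742bf648a3811a2678ee.exe",
     "DestinationHostname": "smtp.gmail.com", "DestinationPort": 587},
    {"Image": r"C:\Windows\System32\svchost.exe",
     "DestinationHostname": "ctldl.windowsupdate.com", "DestinationPort": 80},
]


def detect(events: List[Dict[str, object]], cfg: Dict[str, str]) -> List[str]:
    """Return process names that reach the exfil host:port from outside the
    mail-client allowlist. Gmail upgrades port 587 to TLS with STARTTLS before
    AUTH, so the username and password never appear in cleartext on the wire:
    match on destination and originating process, not on packet content."""
    host, port = cfg["host"].lower(), int(cfg["port"])
    hits = []
    for ev in events:
        proc = str(ev["Image"]).rsplit("\\", 1)[-1].lower()
        if (str(ev["DestinationHostname"]).lower() == host
                and int(ev["DestinationPort"]) == port
                and proc not in MAIL_CLIENTS):
            hits.append(proc)
    return hits


if __name__ == "__main__":
    cfg = parse_config(EXTRACTED_CONFIG)
    print(cfg)
    print("app password:", looks_like_gmail_app_password(cfg["password"]))
    print("hits:", detect(SAMPLE_EVENTS, cfg))
```

Because the "Suspicious use of SetThreadContext" signature below indicates injection, the process that actually opens the connection may be a hollowed host process rather than the sample's own image; the allowlist-based rule still fires in that case, which is why it keys on destination plus process identity instead of the sample's file name.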
Targets
Target: bb36e77061553fbcab4e1bf1214d63f5e9a5b97d0dc2742bf648a3811a2678ee (773KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 10/10
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer (keylogging, clipboard capture, browser and mail-client credential theft) whose builds exfiltrate the collected data over SMTP, FTP or Telegram; this sample is configured for SMTP, as the extracted config above shows.
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext
SetThreadContext on a thread of another process is commonly the final step of process hollowing: the payload is written into a suspended host process and the thread context is redirected to it, so later activity (including the SMTP traffic) may appear to come from a legitimate-looking process rather than from the sample's own image.