General
-
Target
7e12286566f85c9547a2d3508da9c7e5afa298b63a06369f1b12f516c5ace042
-
Size
1.2MB
-
Sample
240604-bx6sfahd33
-
MD5
32770720e55a73dbb1b6f85972bb8b00
-
SHA1
de1246e1f5d3e8e762bf041a53bb5b73d4a9dde8
-
SHA256
7e12286566f85c9547a2d3508da9c7e5afa298b63a06369f1b12f516c5ace042
-
SHA512
91a17cfec87a6a45b1ec3cac5bf619e735d69f98d0f0db4586c96adaf235746811796cbcebf0fd52a73de43e9e33b7afbaf07fa554346e793bef97f36d5a91c5
-
SSDEEP
24576:3/TZBT2H+Y8TPiIBH6Y9MSIXB0F8Hb+mcWQADBj00:3FkeY8DiIBZIaXmcVAdj00
Static task
static1
Behavioral task
behavioral1
Sample
7e12286566f85c9547a2d3508da9c7e5afa298b63a06369f1b12f516c5ace042.exe
Resource
win7-20240221-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
sslout.de - Port:
587 - Username:
[email protected] - Password:
dataset123 - Email To:
[email protected]
Targets
-
-
Target
7e12286566f85c9547a2d3508da9c7e5afa298b63a06369f1b12f516c5ace042
-
Size
1.2MB
-
MD5
32770720e55a73dbb1b6f85972bb8b00
-
SHA1
de1246e1f5d3e8e762bf041a53bb5b73d4a9dde8
-
SHA256
7e12286566f85c9547a2d3508da9c7e5afa298b63a06369f1b12f516c5ace042
-
SHA512
91a17cfec87a6a45b1ec3cac5bf619e735d69f98d0f0db4586c96adaf235746811796cbcebf0fd52a73de43e9e33b7afbaf07fa554346e793bef97f36d5a91c5
-
SSDEEP
24576:3/TZBT2H+Y8TPiIBH6Y9MSIXB0F8Hb+mcWQADBj00:3FkeY8DiIBZIaXmcVAdj00
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-