General
Target: 5e995f13ba46ff2eccae59c67f54c91f78ad7436501b1091f9cae65e78b91d35
Size: 1020KB
Sample: 240604-by1ykshd69
MD5: a75a9c38a86e4072a094906ea4fc02e9
SHA1: 9cec22cf1627d2b38466e1e535ffdfb0cc1f91bb
SHA256: 5e995f13ba46ff2eccae59c67f54c91f78ad7436501b1091f9cae65e78b91d35
SHA512: 5ac183b16175ff53e0056cddbb243a8ed07e51c053f5c46859799e4b2f27d1a5813773ae7c505b31c016aafe45e0886a75d87e4c97ce8d270f40d9d0bf808a87
SSDEEP: 24576:6AHnh+eWsN3skA4RV1Hom2KXMmHaEbeXQYbBlI5:Nh+ZkldoPK8YaEKAiC
Static task: static1
Behavioral task: behavioral1
Sample: 5e995f13ba46ff2eccae59c67f54c91f78ad7436501b1091f9cae65e78b91d35.exe
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: 5e995f13ba46ff2eccae59c67f54c91f78ad7436501b1091f9cae65e78b91d35.exe
Resource: win10v2004-20240508-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: al-hadha.com
Port: 587
Username: [email protected]
Password: Aa77112233A
Email To: [email protected]
Targets
Target: 5e995f13ba46ff2eccae59c67f54c91f78ad7436501b1091f9cae65e78b91d35
Score: 10/10
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext