General

Target: 12e9c03a5e683f32479be9a2b03e8c3c02d13de0c951f8832ef4814f3e21b508
Size: 2.7MB
Sample: 240604-byqslshd58
MD5: 08200de79c23e9bc76c61605701efeef
SHA1: e868aad37ba389f6ca61bb58e9d2fb5c0b35f8c4
SHA256: 12e9c03a5e683f32479be9a2b03e8c3c02d13de0c951f8832ef4814f3e21b508
SHA512: 9b03349d59dbab54a9b12061cb47bad5cdce96c19aabaa1a36a6e1150b6a68d2ce4d3847a2a91d88e8b8c726bf0cd1bd30a84ab62ed69a9b857cead4c1f70245
SSDEEP: 49152:1MnjosT5h82MTAttVzfSfy//lKqXvQYBYMfzkN9nBKslZGQDVEuBb77FqUkC2eaD:WjTNVbttJq2lKYzk/BKslAGbXIUkbezk
Static task
static1

Behavioral task
behavioral1
Sample: ryMblnsuw.exe
Resource: win7-20240221-en

Behavioral task
behavioral2
Sample: ryMblnsuw.exe
Resource: win10v2004-20240508-en
Malware Config

Extracted (agenttesla)
Protocol: smtp
Host: mail.gencoldfire.com
Port: 587
Username: [email protected]
Password: U+&%W@y1mSEUOinP
Email To: [email protected]

Extracted
Protocol: smtp
Host: mail.gencoldfire.com
Port: 587
Username: [email protected]
Password: U+&%W@y1mSEUOinP

The username and recipient addresses are masked in this copy of the report ([email protected]); only the host, port and password survived extraction. These are the credentials of the attacker's exfiltration mailbox: outbound SMTP submission to mail.gencoldfire.com on 587 from an endpoint is the network indicator to hunt for, and the account is the one to report to the hosting provider.
Targets

Target: ryMblnsuw.exe
Size: 2.7MB
MD5: 427989058148c362cd9700676af2d0ab
SHA1: f6c751378092726a9a935c845b71b45d839fa55d
SHA256: f17124a24df7513eec26b3ee2c727e3befe328c6baba11ee546e0d230c6f49af
SHA512: eaf9a904208601b441bb58250942dbd3141c68ce8d957c616612b496de2e3525284364544b7bbda4de8cc3e96dff845392252c9dc3956301f218e22e231792b1
SSDEEP: 49152:XUD4gT1/8cETQ7FVz3ifenvluqlD8WzogfDujvnDyslzmQLXWQBd7N3qUUsgQaIm:kDj5tR7FJyklMMDuTDyslasd5aUUxQds

Note that every hash of ryMblnsuw.exe differs from the hashes of the submitted sample under General, although both are reported at 2.7MB; treat both hash sets as indicators rather than assuming one file.
Score: 10/10

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic. The extracted SMTP configuration above is what triggered this family signature.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP. The report does not name the service; Agent Tesla includes the result in its exfiltrated reports.

Suspicious use of SetThreadContext
Calling SetThreadContext on a thread of another process is the classic way to redirect a suspended process to injected code (process hollowing). The report does not name the target process.
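The extracted SMTP configuration is the most actionable part of this report. As an added example (not part of the sandbox output), the Python below parses the flattened "Extracted" block exactly as it appears on this page, turns it into network indicators, and runs them over a few constructed key=value DNS and connection records to flag the exfil session and the IP-lookup-then-SMTP chain the signatures describe. The log format, the endpoint names WS01 to WS03, and the IP_LOOKUP_HOSTS list are assumptions for the example; the report does not say which lookup service the sample used.

```python
import re

# Copy of the "Extracted" block as it appears on the report page (the
# e-mail addresses are masked there exactly like this).
RAW_CONFIG = """Protocol: smtp- Host:
mail.gencoldfire.com - Port:
587 - Username:
[email protected] - Password:
U+&%W@y1mSEUOinP - Email To:
[email protected]"""

KEYS = ("Protocol", "Host", "Port", "Username", "Password", "Email To")
_KEY_ALT = "|".join(re.escape(k) for k in KEYS)
# A value runs (non-greedily) until the next known "Key:" or the end of the
# text; an optional " - " separator before the next key is swallowed. Using a
# lookahead on the key list means a password containing "-" still parses.
_FIELD = re.compile(
    rf"(?P<key>{_KEY_ALT}):\s*(?P<val>.*?)\s*-?\s*(?=(?:{_KEY_ALT}):|$)"
)


def parse_extracted(raw: str) -> dict:
    """Parse the flattened sandbox config into {field: value}."""
    text = " ".join(line.strip() for line in raw.splitlines())
    return {m.group("key"): m.group("val") for m in _FIELD.finditer(text)}


def indicators(cfg: dict) -> dict:
    """Reduce the config to the network indicators worth hunting for."""
    return {
        "exfil_host": cfg["Host"].lower(),
        "exfil_port": int(cfg["Port"]),
        "exfil_proto": cfg["Protocol"].lower(),
    }


# Public IP-echo services commonly abused by stealers (assumption for this
# example; the report does not name the one this sample used).
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com", "ip-api.com"}

# Constructed records in a simple key=value format (not a real sensor's
# output). WS01 shows the full chain, WS02 is benign SMTP submission,
# WS03 only does an IP lookup.
SAMPLE_LOG = [
    "ts=2024-06-04T12:00:01Z kind=dns host=WS01 query=api.ipify.org",
    "ts=2024-06-04T12:00:02Z kind=conn host=WS01 dst=api.ipify.org dport=443",
    "ts=2024-06-04T12:00:03Z kind=dns host=WS01 query=mail.gencoldfire.com",
    "ts=2024-06-04T12:00:04Z kind=conn host=WS01 dst=mail.gencoldfire.com dport=587",
    "ts=2024-06-04T12:05:00Z kind=conn host=WS02 dst=smtp.office365.com dport=587",
    "ts=2024-06-04T12:06:00Z kind=dns host=WS03 query=api.ipify.org",
]


def parse_line(line: str) -> dict:
    """Split one 'k=v k=v' record into a dict."""
    return dict(tok.split("=", 1) for tok in line.split())


def hunt(lines, ioc: dict) -> list:
    """Return alerts as (rule, endpoint, timestamp) tuples.

    exfil-smtp: a connection to the extracted host:port.
    ip-lookup-then-exfil: the same endpoint also resolved an IP-echo service,
    which is the behaviour chain the sandbox signatures describe.
    """
    alerts, lookups, exfil_endpoints = [], set(), set()
    for line in lines:
        rec = parse_line(line)
        ep = rec.get("host")
        if rec.get("kind") == "dns" and rec.get("query", "").lower() in IP_LOOKUP_HOSTS:
            lookups.add(ep)
        if (rec.get("kind") == "conn"
                and rec.get("dst", "").lower() == ioc["exfil_host"]
                and int(rec.get("dport", 0)) == ioc["exfil_port"]):
            exfil_endpoints.add(ep)
            alerts.append(("exfil-smtp", ep, rec["ts"]))
    for ep in sorted(lookups & exfil_endpoints):
        alerts.append(("ip-lookup-then-exfil", ep, None))
    return alerts


if __name__ == "__main__":
    cfg = parse_extracted(RAW_CONFIG)
    print(cfg)
    for alert in hunt(SAMPLE_LOG, indicators(cfg)):
        print(alert)
```

Only WS01 is raised: WS02 talks to a different mail server on the same port, and WS03's lookup alone is not enough to alert on, which is the point of pairing the two behaviours rather than alerting on the IP-echo query by itself.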