General
-
Target
c9a985aea86448e6770b76c334fbd6a83658df00688bd4e754bde0ec0a12504f.exe
-
Size
816KB
-
Sample
240609-l1yakshg73
-
MD5
35ad880f5b37f694d5d9fc7d750cad14
-
SHA1
262f9712da9fb80700481b28b539f52f3ce9fa98
-
SHA256
c9a985aea86448e6770b76c334fbd6a83658df00688bd4e754bde0ec0a12504f
-
SHA512
491cfb154b71f7b3b25306e0abf8ccff3532149ece79b4be827e5b5c5ad8913ed9bdca09edb6976755ff6c3e1bf1024e7ce5e89061326443fba32759a7ee5a60
-
SSDEEP
12288:JY4e1029uZQEzSp4b5N1kC2Dg0A9INKLdzReocbosx:FereQEG4b5N1kC4gpINqdc0c
Static task
static1
Behavioral task
behavioral1
Sample
c9a985aea86448e6770b76c334fbd6a83658df00688bd4e754bde0ec0a12504f.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
c9a985aea86448e6770b76c334fbd6a83658df00688bd4e754bde0ec0a12504f.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/BgImage.dll
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/BgImage.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win7-20240508-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win10v2004-20240508-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.gmail.com
Port: 587
Username: [email protected]
Password: czac mhpu qwqn fkiu
Email To: [email protected]
Targets
Target
c9a985aea86448e6770b76c334fbd6a83658df00688bd4e754bde0ec0a12504f.exe
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-
Target
$PLUGINSDIR/BgImage.dll
-
Size
7KB
-
MD5
ee255bdf426349e1caa8f1b71de9fd22
-
SHA1
d589773826620046df1d77dd148f819a88dd35ec
-
SHA256
a45f294137e2b0f6092eee8fdd2e19334f34ff3640d865a810b70f2104e92c21
-
SHA512
71eeb41b5816b7d0f9517264aaf026da878561b6a222064c8100e47c383de9ac369800b734468322f3a6fc3eedb1a23d3c5ca6874bd7bf84af08f395248872cc
-
SSDEEP
96:8ePik1LFJaO1/radJEaYtv1Zs4lkL8y3A2EN8Cmy3uTc4j7J3kWyy/:tPdTJa2roqJyA2EN8diuTJje
Score 1/10
-
Target
$PLUGINSDIR/nsDialogs.dll
-
Size
9KB
-
MD5
dbdbf4017ff91c9de328697b5fd2e10a
-
SHA1
b597a5e9a8a0b252770933feed51169b5060a09f
-
SHA256
be60a00f32924ccbe03f9914e33b8e1ad8c8a1ca442263a69896efba74925b36
-
SHA512
3befc15aab0a5dbe7fde96155b0499d385f2799b1a2d47ce04f37b5804006b1c6c4fff93d3cedb56a2a8172b23752b6f9dc6168cfce3596b91def3247836cf10
-
SSDEEP
96:33YnIxFkDUGZpKSmktse3GpmD8pevbE9cxSgB5PKtAtYE9v5E9KntrmfVEB3YdkS:33YIvGZDdtP8pevbg0PuAYK56NyoIFI
Score 3/10