General
Target: b29804d957c71d706245f48e7d72a8614ec746e5b3da423a05f980fa865d7a77
Size: 1.0MB
Sample: 240612-bngf7axekl
MD5: 9a1e316f859f8cbb6b8e410965d2f4d3
SHA1: 7391c18e38cc0a7e23d8de6b9564dd794561495a
SHA256: b29804d957c71d706245f48e7d72a8614ec746e5b3da423a05f980fa865d7a77
SHA512: db3a5d265490df1b69a15dfa8c5fb76d1bb8c8bbec70c7adea836884314c7925e92b68252444c897e13f0c8602136f289977662039f73f203950a6b04d4383b0
SSDEEP: 24576:WAHnh+eWsN3skA4RV1Hom2KXMmHa7eGJfHF5:xh+ZkldoPK8Ya7bF/
Static task: static1
Behavioral task: behavioral1
Sample: b29804d957c71d706245f48e7d72a8614ec746e5b3da423a05f980fa865d7a77.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: b29804d957c71d706245f48e7d72a8614ec746e5b3da423a05f980fa865d7a77.exe
Resource: win10v2004-20240611-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.sklada.bg
Port: 587
Username: [email protected]
Password: Kaloyan10
Email To: [email protected]
Targets
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Adds Run key to start application
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext