General
Target: 9e4c975a08c32f87ff086024ba780bd0.bin
Size: 694KB
Sample: 240612-c6qcgsyhmp
MD5: 65b3b4a3631332550a04ca2ff9efc5aa
SHA1: 4a23ef73e6f04b00c5cb8f919573a970aaf43950
SHA256: 638e75bf512aec9f6683260128c3d74441da502ec85eb1e3a12a3b3c150fe1a2
SHA512: 944641692dbebef4e9809ca4565fb87cc80bce0eba73e7126ba5cad1b9b1d32fa7b68e709f0d6443690f19b9f16ad14ff0905f6650da83c8d21b846d52a4e018
SSDEEP: 12288:QREjEU8q55RvXPcjJYTCwa9ROeliLesoHjW5T20I5vIW4lx4Q:1f8q1XcK2X90esoHjW5Ta5vIPp
Static task: static1
Behavioral task: behavioral1
Sample: 2eeedb8129877d2cff8bfca258974786448f4babb12a1e44651735e675f09ca1.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: 2eeedb8129877d2cff8bfca258974786448f4babb12a1e44651735e675f09ca1.exe
Resource: win10v2004-20240508-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.polykey.eu
Port: 587
Username: [email protected]
Password: PVRNUEXCdyv9qPd8UM6m
Email To: [email protected]
Targets
Target: 2eeedb8129877d2cff8bfca258974786448f4babb12a1e44651735e675f09ca1.exe
Size: 1.1MB
MD5: 9e4c975a08c32f87ff086024ba780bd0
SHA1: dbc81c855977fdff4f4a1cf99c0be1b984dab109
SHA256: 2eeedb8129877d2cff8bfca258974786448f4babb12a1e44651735e675f09ca1
SHA512: 4903268f884e4dde313d3d088050674aadbd9fdb93f79539a5312e33d24498520c389d18ce99e84874ba399c1782d5242872f7f9a95fbbaec717e21e3a0f3b8d
SSDEEP: 24576:8AHnh+eWsN3skA4RV1Hom2KXMmHaxsBAhLuqFfs3quI5:bh+ZkldoPK8YaxsShLHgqB
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext