General
- Target: d8bb5e295cfe6010328921b8a0c8bb4724fb71779745e53e5ee7e6b12bc0ff3d
- Size: 855KB
- Sample: 240612-cep8eaycpj
- MD5: 8170abb63cae06fbd8e8ea6c7aa5b078
- SHA1: 8f4d022527a6564e3f5d96c63c001cd97d59c78b
- SHA256: d8bb5e295cfe6010328921b8a0c8bb4724fb71779745e53e5ee7e6b12bc0ff3d
- SHA512: 3b9b34925f091fc4b04f68a29cc3b44be01fccbf10bce3fcabcb666969a9a9fcc9244494ffada906428e097001e563ea25da290986e356d90d0a66ad16070ca0
- SSDEEP: 24576:2g61jjk0LAta9AsHDIFaX+IDbcW0EcHb1gKSDKQXw:4P0W0Eci
Static task: static1
Behavioral task: behavioral1
- Sample: d8bb5e295cfe6010328921b8a0c8bb4724fb71779745e53e5ee7e6b12bc0ff3d.exe
- Resource: win7-20240508-en
Behavioral task: behavioral2
- Sample: d8bb5e295cfe6010328921b8a0c8bb4724fb71779745e53e5ee7e6b12bc0ff3d.exe
- Resource: win10v2004-20240508-en
Malware Config
Extracted
agenttesla
- Protocol: smtp
- Host: mail.magnaprocessing.com
- Port: 587
- Username: [email protected]
- Password: N?cxbomk.}nI
- Email To: [email protected]
Targets
- Target: d8bb5e295cfe6010328921b8a0c8bb4724fb71779745e53e5ee7e6b12bc0ff3d
- Score: 10/10
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext