General

Target: b3951089bb37cbdc49522fb1362c89c30692a0979d9931ed76b25f78963769c9
Size: 826KB
Sample: 240612-cj5hwsydme
MD5: 8b76fd5563f1dfd758ac32238af1770d
SHA1: 7aca5695a6ee35183993ac1f586865e62626653d
SHA256: b3951089bb37cbdc49522fb1362c89c30692a0979d9931ed76b25f78963769c9
SHA512: 0ec595bae99b3a9647892f1c63b722f79b7c3e65dbb3b2cba61d5aa8d535ca14e7df444af1fc351e89e00df0278c9acc8163de96f33b129175015906cf788534
SSDEEP: 12288:ulOKjCJAQC/4fBtLDvM7BlH7m/LXPYJk4gRJ5llIhmdiqACR5leZlNo:64AD4fPw7BgLPYJkr/d3A+er
Static task: static1

Behavioral task: behavioral1
Sample: SKMBT ref 11062024.scr
Resource: win7-20240508-en

Behavioral task: behavioral2
Sample: SKMBT ref 11062024.scr
Resource: win10v2004-20240508-en
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: [email protected]
Password: eddie101
Email To: [email protected]
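The extracted config above is the sample's exfiltration channel: Agent Tesla hard-codes the SMTP server and mailbox credentials in the binary, which is why the sandbox can pull them out statically and why the mailbox itself is a reportable indicator. The host is a shared commercial mail server that legitimate customers also use, so matching the hostname alone would be noisy; the useful hunt is SMTP submission traffic from a process that has no business sending mail. The following is an added example, not code from the sandbox or from the malware. Only the host, port and protocol come from the report (the username and recipient are redacted on the page); the telemetry records, process names and mail-client allow-list are constructed.

```python
"""Triage outbound SMTP connections against the exfil endpoint extracted above.

Added example, not code from the sandbox or from the malware. Only the host,
port and protocol come from the report's extracted agenttesla config; the
telemetry records, process names and the mail-client allow-list are constructed.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# From the extracted config on this page.
EXFIL_HOST = "mail.privateemail.com"
EXFIL_PORT = 587

# Ports on which a process may legitimately speak SMTP (relay, SMTPS, submission).
SMTP_PORTS = {25, 465, 587}

# Constructed allow-list of images expected to talk SMTP directly. Tune per fleet.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}


@dataclass(frozen=True)
class NetEvent:
    """One outbound connection record (constructed shape, not a real EDR schema)."""
    pid: int
    image: str
    dst_host: str
    dst_port: int


def classify(ev: NetEvent) -> Optional[str]:
    """Return a severity label for ev, or None if it needs no attention.

    The extracted host is a shared mail server, so the host alone would also
    match legitimate customers; the sending process decides the severity.
    """
    if ev.dst_port not in SMTP_PORTS:
        return None
    image = ev.image.lower()
    ioc_hit = ev.dst_host.lower() == EXFIL_HOST and ev.dst_port == EXFIL_PORT
    if ioc_hit and image not in MAIL_CLIENTS:
        return "high: extracted C2 endpoint reached by non-mail process"
    if ioc_hit:
        return "medium: extracted C2 endpoint reached by mail client"
    if image not in MAIL_CLIENTS:
        return "low: SMTP from non-mail process"
    return None


def scan(events: List[NetEvent]) -> List[Tuple[NetEvent, str]]:
    """Apply classify() to a batch and keep only the hits."""
    hits = []
    for ev in events:
        label = classify(ev)
        if label:
            hits.append((ev, label))
    return hits


# Constructed telemetry mixing the report's sample with ordinary traffic.
SAMPLE_EVENTS = [
    NetEvent(4120, "SKMBT ref 11062024.scr", "mail.privateemail.com", 587),
    NetEvent(4120, "SKMBT ref 11062024.scr", "ipcheck.example.net", 443),  # IP lookup, not SMTP
    NetEvent(2210, "outlook.exe", "smtp.example-corp.internal", 587),
    NetEvent(3301, "powershell.exe", "relay.example.org", 25),
]

if __name__ == "__main__":
    for ev, label in scan(SAMPLE_EVENTS):
        print(f"pid={ev.pid} {ev.image} -> {ev.dst_host}:{ev.dst_port}  {label}")
```

In practice the high-severity rule is the one worth paging on: a screensaver binary opening port 587 to the extracted host is the sample's exfiltration in flight, and blocking the session before the first message is sent is the difference between an infection and a credential breach.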
Targets

Target: SKMBT ref 11062024.scr
Size: 764KB
MD5: d50275bec33aa7fcbbc5e9e3efb7086f
SHA1: 6fc77e994f56af643ec5c429c2da401d1fcffda4
SHA256: 753cdbf4b5b1e61e9d56b9c40a157903a3a346595160c5d2e1c766ffde730323
SHA512: 5b5b5ecee7ae9b6cc0c8dca3f49fe14b123dc5303b954c7008a84b2b2f1972c0b8b515a1afa6fccf9225a90c02b50efa67123b8a9f83dd021ba7ce459ad7bf4a
SSDEEP: 12288:8lOKjCJAQC/4fBtLDvM7BlH7m/LXPYJk4gRJ5llIhmdiqACR5leZlNo:k4AD4fPw7BgLPYJkr/d3A+er
Score: 10/10
AgentTesla
Agent Tesla is a .NET remote access tool (RAT) and information stealer written in Visual Basic; it harvests credentials and keystrokes and exfiltrates them over channels such as the SMTP account extracted above.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP, which is then included in the exfiltrated report.

Suspicious use of SetThreadContext
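SetThreadContext is flagged because it is the step that turns a suspended, overwritten process into running injected code: the loader creates a target process with CREATE_SUSPENDED, writes the payload into it (often after unmapping the original image), points the primary thread's context at the new entry point and resumes the thread (process hollowing). Debuggers call SetThreadContext too, which is why the sandbox labels the call suspicious rather than malicious. The report does not show the call trace, so the following is an added example, not sandbox output: it correlates a constructed API trace for that ordered chain and ignores a debugger-style use that lacks the earlier stages. Every PID, TID, address and image path in it is made up.

```python
"""Correlate an API-call trace for the CreateProcess(CREATE_SUSPENDED) ->
WriteProcessMemory -> SetThreadContext -> ResumeThread chain behind the
"Suspicious use of SetThreadContext" signature.

Added example, not part of the sandbox report, which shows no call trace.
The trace format, PIDs, TIDs, addresses and image paths are all constructed.
"""
from collections import defaultdict
from typing import Dict, List

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit (Win32 CreateProcess)
DEBUG_PROCESS = 0x00000001     # what a debugger passes instead

# Constructed trace, one call per line: "<caller_pid> <api> <target_pid> key=value ...".
TRACE = r"""
4120 CreateProcessW 5216 flags=0x08000004 image=C:\hollow-target.exe
4120 NtUnmapViewOfSection 5216 base=0x00400000
4120 WriteProcessMemory 5216 addr=0x00400000 size=0x9a000
4120 WriteProcessMemory 5216 addr=0x7ffde008 size=0x8
4120 SetThreadContext 5216 tid=5220
4120 ResumeThread 5216 tid=5220
7001 CreateProcessW 7050 flags=0x00000001 image=C:\dbg\debuggee.exe
7001 SetThreadContext 7050 tid=7055
7001 ContinueDebugEvent 7050 tid=7055
""".strip()

# Required order of the hollowing stages; a stage only counts once the
# previous one was seen for the same (caller, target) pair.
STAGES = ["suspended_create", "write", "set_context", "resume"]


def parse_trace(text: str) -> List[Dict[str, str]]:
    """Parse the constructed trace format into dicts: caller/api/target plus key=value details."""
    events = []
    for line in text.strip().splitlines():
        caller, api, target, *details = line.split()
        ev = {"caller": caller, "api": api, "target": target}
        for kv in details:
            key, _, value = kv.partition("=")
            ev[key] = value
        events.append(ev)
    return events


def stage_of(ev: Dict[str, str]) -> str:
    """Map one call to a hollowing stage name, or "" if it is not part of the chain."""
    api = ev["api"]
    if api.startswith("CreateProcess") and int(ev.get("flags", "0"), 16) & CREATE_SUSPENDED:
        return "suspended_create"
    if api == "WriteProcessMemory":
        return "write"
    if api == "SetThreadContext":
        return "set_context"
    if api == "ResumeThread":
        return "resume"
    return ""


def find_hollowing(events: List[Dict[str, str]]) -> List[Dict[str, object]]:
    """Return one finding per (caller, target) pair that completes the chain in order."""
    progress: Dict[tuple, int] = defaultdict(int)  # index of the next expected stage
    images: Dict[tuple, str] = {}
    unmapped = set()
    findings = []
    for ev in events:
        key = (ev["caller"], ev["target"])
        if ev["api"] == "NtUnmapViewOfSection":
            unmapped.add(key)  # optional stage: hollowing out the original image
            continue
        stage = stage_of(ev)
        if stage and STAGES[progress[key]] == stage:
            if stage == "suspended_create":
                images[key] = ev.get("image", "")
            progress[key] += 1
        if progress[key] == len(STAGES):
            findings.append({
                "caller": int(key[0]),
                "target": int(key[1]),
                "image": images.get(key, ""),
                "unmapped_original": key in unmapped,
            })
            progress[key] = 0  # allow the pair to be reported again if the chain repeats
    return findings


if __name__ == "__main__":
    for f in find_hollowing(parse_trace(TRACE)):
        print(f"pid {f['caller']} hollowed pid {f['target']} ({f['image']}), "
              f"original image unmapped: {f['unmapped_original']}")
```

The ordering requirement is what keeps the rule quiet on a debugger: process 7001 above creates its debuggee with DEBUG_PROCESS rather than CREATE_SUSPENDED and never writes a payload before SetThreadContext, so it never advances past the first stage. Launchers and some installers do use CREATE_SUSPENDED legitimately, so even a full match is a triage lead to confirm by dumping the target's memory, not a verdict on its own.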