General
Target: Your file name without extension goes here.exe
Size: 2.8MB
Sample: 240618-km5xtszdpn
MD5: 8f6133a74122aa1a27d18e48c2a3fa0c
SHA1: b71bdccb8b06c081589d3063fa02874ffdd2450e
SHA256: a54d0aecd2d24ce47e9773d031b1995a6fe81b9508e02553aef5bd62ae5dcd8f
SHA512: b50d54a3f66c2935e633aadee0e6a6def99d81ed32fb1f7c6386f32bc4af2c8d6fd3ec894b448ae08870e56fd159d16f6ea802296a1274fd4eb96bbcd2de7a1b
SSDEEP: 12288:lU46sykEJtb4RlyoxZePN6MAtWRdNu6vuqmBk+El4CG4DPi:lPRykobG7E69URdNxuqyk+dR
Static task: static1
Behavioral task: behavioral1
Sample: Your file name without extension goes here.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: Your file name without extension goes here.exe
Resource: win10v2004-20240611-en
Malware Config
Extracted
Family: agenttesla
Protocol: smtp
Host: terminal4.veeblehosting.com
Port: 587
Username: [email protected]
Password: Ifeanyi1987@
Email To: [email protected]
Extracted
Protocol: smtp
Host: terminal4.veeblehosting.com
Port: 587
Username: [email protected]
Password: Ifeanyi1987@
Targets
Target: Your file name without extension goes here.exe
Score: 10/10

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext