General
- Target: 3b76f3aaf3d8f2f296cc272bbd031df5ea7126de65f2a40e8773aa155ca43601.exe
- Size: 640KB
- Sample: 240618-t2rs7a1fka
- MD5: 82d1a111a163bd463d09f76865182045
- SHA1: 442da7141a7fbebfb1c5e92c584f9aaf703ca9c9
- SHA256: 3b76f3aaf3d8f2f296cc272bbd031df5ea7126de65f2a40e8773aa155ca43601
- SHA512: 00a40d456b2507885d68d13ad3d9eb67c53f8262f732c654f37e98a33d77f62f3e7feb8cf9d4f75603333d6ac979a428967155f2fe688ae112a9f811036f9ada
- SSDEEP: 12288:+mT/iFIsPAb/z/sPKLIRMprVf/lqC+JBeGUwLzaw3mKkQI7n+v1Fekem+ztyvrOf:rTkIKybU8mMprVHlqCjGUwLzl2mI7qds
Static task: static1
Behavioral task: behavioral1
- Sample: 3b76f3aaf3d8f2f296cc272bbd031df5ea7126de65f2a40e8773aa155ca43601.exe
- Resource: win7-20240611-en
Behavioral task: behavioral2
- Sample: 3b76f3aaf3d8f2f296cc272bbd031df5ea7126de65f2a40e8773aa155ca43601.exe
- Resource: win10v2004-20240508-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.alitextile.com
- Port: 587
- Username: [email protected]
- Password: Myname@321
- Email To: [email protected]
Targets
- Target: 3b76f3aaf3d8f2f296cc272bbd031df5ea7126de65f2a40e8773aa155ca43601.exe
Score: 10/10
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext