General
Target: b800b17dcf627a5bfac40f8cf631a5d839b8028d8d57c66e8e0fdccaf1299198.xz
Size: 626KB
Sample: 240618-w25q6aybkr
MD5: 7aac8672c5c030a21bde1bb813812d21
SHA1: 38939135b913be94fd14fa835f9c2a079e0aad35
SHA256: b800b17dcf627a5bfac40f8cf631a5d839b8028d8d57c66e8e0fdccaf1299198
SHA512: d08a6bd8c9f65a42fed0d0dd078f87bb297bda99a8282c08176c0d2bcd37fc775bb3ef5b53d0e410707cca4f0de8a7a3f4fc278928b62df42e4c418cc9be47a5
SSDEEP: 12288:0zz1vPWGsEPdvS6AcPv+EiZDQykpaY9BIf+O/FlJCFShZyFZlJtKOQH+:0zBPUadecPvuZ6p3slJClFJtnx
Static task: static1
Behavioral task: behavioral1
Sample: Conselhos De Pagamento Ref#739028738203894030.exe
Resource: win7-20240611-en
Behavioral task: behavioral2
Sample: Conselhos De Pagamento Ref#739028738203894030.exe
Resource: win10v2004-20240611-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.elektronikkutu.com
Port: 587
Username: [email protected]
Password: 9U:e3@wpS3:U7h_V
Email To: [email protected]
Targets
Target: Conselhos De Pagamento Ref#739028738203894030.exe
Size: 651KB
MD5: 8c4cef6e79a11202c03950c808c4eb19
SHA1: 5e406f0542ba40ae9fbcd15ba6b9cbaff899c107
SHA256: da6fa9caa609fd7f758a76b0b07044a9eee9f8db84ff72e3cbe171b0ce6d8c2e
SHA512: 5b482eac78bc167abaca99ea38c13570a7761dcb5936024fe853800a848c19f885f89a167b3d428bca44257277d5bad660c2aa9763ff2a759b96213404a923f9
SSDEEP: 12288:RSUVypPWLs8PdvSjAcEv+EiYDQGkpaY9BIf4OM2lJCFShryFZuVQ4Y/:RKPDSdhcEvuYopDmlJCVH1
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext