General
- Target: 8a4dfea3b0429a7e6b465f46b7a712dea3d0000468731cb010132be045a04dce.exe
- Size: 81KB
- Sample: 240618-wbc88atcjd
- MD5: 1556965f1093c2977bd07b061349fc47
- SHA1: 713f5c15efdfdf2ea51e9b3b37149491cfa8471d
- SHA256: 8a4dfea3b0429a7e6b465f46b7a712dea3d0000468731cb010132be045a04dce
- SHA512: 27819598c7970d98eaf14fdea6070759ef06bc5185251b7beb56f94c49506eb740a339eee9808d898db16ace5122913a347eac3f910b75cd3c0965aa4ce56489
- SSDEEP: 1536:fon3Ys0UDnwfyCfpaszUPL2wHRs3dJ4oUH+qc3L+NT+Wt+RWevH4+:4nwKCf62uRyJ/wrcih+A+wevh
Static task
- static1
Behavioral task
- behavioral1
- Sample: 8a4dfea3b0429a7e6b465f46b7a712dea3d0000468731cb010132be045a04dce.exe
- Resource: win7-20240419-en
Behavioral task
- behavioral2
- Sample: 8a4dfea3b0429a7e6b465f46b7a712dea3d0000468731cb010132be045a04dce.exe
- Resource: win10v2004-20240611-en
Malware Config
Extracted
- Protocol: smtp
- Host: mail.100demoras.pt
- Port: 587
- Username: [email protected]
- Password: uJ}Y+wl}5B6K
Extracted
agenttesla
- Protocol: smtp
- Host: mail.100demoras.pt
- Port: 587
- Username: [email protected]
- Password: uJ}Y+wl}5B6K
- Email To: [email protected]
Targets
- Target: 8a4dfea3b0429a7e6b465f46b7a712dea3d0000468731cb010132be045a04dce.exe
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext