General
Target: azeaze.eml
Size: 823KB
Sample: 240619-hxmswszhkq
MD5: f8364468922666512f3ad044fcef09a7
SHA1: c4da25fc34ae960fc1eee9e382f9c15acd3b27ee
SHA256: 20bcf4f26ec45e28805c868153587c7fe69d680b1fe3ed417961aff0f4f91feb
SHA512: 9fd58b1044f3773f7f13f1e9cadd94c011d091a1d5ea39ccdf0c94ad49fb96986c36ac082a8f2eb7d906b5119a05b752fb5f01ceef03d3c44b37333780f7ff98
SSDEEP: 12288:lQ46OAf42fwbQdSmoeJJnfm/4kKI5CB4880UXjuz9r5WNwznIJBEk1HaGK2m8:m4jCfwPS9m/vPCLgjuzDWGIJ1HAZ8
Static task: static1
Behavioral task: behavioral1
Sample: whitegick.exe
Resource: win10v2004-20240508-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.jaszredony.hu
Port: 587
Username: [email protected]
Password: jRedony77
Email To: [email protected]
Targets
Target: whitegick.exe
Size: 1.1MB
MD5: dc4259b113353acfe97ed36b01b1e8b1
SHA1: 83882dc9fc7b2151f3f11dc76a09dd07f861792b
SHA256: 8baa0339be00a7457f550ab4e5bfb5c35a7c62982fcf3b0b5669fa9f75024266
SHA512: eb035c6b8f8697c35eb1b7c27077c091c099831fc14b7c1f27d0feb500949c3526bcabd84d425de21f8595160abeaa9c7d14bad3da13585024ec19d9e53bd6f3
SSDEEP: 24576:zqDEvCTbMWu7rQYlBQcBiT6rprG8aL3KnjFKFNUz:zTvC/MTQYxsWR7aLwIc
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext