General
Target: agent-tesla.zip
Size: 905KB
Sample: 240619-lzyjysybla
MD5: ddac69aa0587357763eced80f7f0369c
SHA1: 694ee5d1dbc30ac80b05b8c8203700f63097f509
SHA256: 66881cddcd4a40661f2c0e72f812ea7d59314501752d68f1fb5123797a407bac
SHA512: 2bb7c02cece9d31643b35f53d2ae4c39007361c01effedc1068d506a912feb310187616b2d3ffe81a9512fb1d82c069d6fab963204bb59cc0e295a101be3da23
SSDEEP: 24576:v2mS7eAOTGvJJ9lauV+3KEwcvPsrQTdRItsihVVzqJDHR70R/ra5:u3vKuyKpcvP4aBJDQa5
Static task: static1
Behavioral task: behavioral1
Sample: Eseguibile-agent-tesla.exe
Resource: win10-20240404-en
Malware Config
Extracted
Protocol: smtp
Host: mail.aceja.biz
Port: 587
Username: [email protected]
Password: Serenity#2773!
Extracted (agenttesla)
Protocol: smtp
Host: mail.aceja.biz
Port: 587
Username: [email protected]
Password: Serenity#2773!
Email To: [email protected]
Targets
Target: Eseguibile-agent-tesla.exe
Size: 929KB
MD5: bcc26da2379e21b521952f6862ce0586
SHA1: fd3a8bb6236333592eaafe96fd2f9be751cb20ad
SHA256: 8deec1e6488e81f0d56dbdcd9dcedc489cee19dae90f9c5461abc0bc58e4b0ad
SHA512: 6f86b57c0185ede99012e5f9b235890a71e23f1ae7d8777fbf6468948faf3996b1ac745dfe4bb26533991c24adc5ffac8e2dbd1d470db048af3e73dac8b8023a
SSDEEP: 24576:climYcBCyHDnI79de3UCovQ4b1YzppveQtG9bqnZ:KOcBZH7I79g6ITzppveQtH
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext