General
Target: a12ee673b117c6f885a48717522d87fe36e56ab0f9259f787c466261e27cddaf
Size: 1.1MB
Sample: 240628-cd33waxgmk
MD5: 4e44ad124adcb879a76b404d37206d13
SHA1: b85e92ec81e0f6604658fb71b9c0e44a5f1d4537
SHA256: a12ee673b117c6f885a48717522d87fe36e56ab0f9259f787c466261e27cddaf
SHA512: 37216f90ad734c2cc435b003a19d9872736dfe584a28aa4ce5a6490a8913e3bbbf0f17a6046c9acfaaa4f895c88c6b7f4590620562b20a4b12966328eda54f29
SSDEEP: 24576:VAHnh+eWsN3skA4RV1Hom2KXMmHan0sNWrBdSRL5:Eh+ZkldoPK8Yan0sNWlU
Static task: static1

Behavioral task: behavioral1
  Sample: a12ee673b117c6f885a48717522d87fe36e56ab0f9259f787c466261e27cddaf.exe
  Resource: win7-20240221-en

Behavioral task: behavioral2
  Sample: a12ee673b117c6f885a48717522d87fe36e56ab0f9259f787c466261e27cddaf.exe
  Resource: win10v2004-20240508-en
Malware Config
Extracted family: agenttesla
  Protocol: smtp
  Host: mail.rrcindia.co.in
  Port: 587
  Username: [email protected]
  Password: Goyal@0783
  Email To: [email protected]
Targets
Target: a12ee673b117c6f885a48717522d87fe36e56ab0f9259f787c466261e27cddaf
Score: 10/10

Signatures:
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Drops startup file
Executes dropped EXE
Loads dropped DLL
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
AutoIT Executable: AutoIT scripts compiled to PE executables.
Suspicious use of SetThreadContext