General
Target: 0dd723bd1d59072f6f4dbcf89647cd9f6aaa604280029fc3fe871908087c2c26.exe
Size: 561KB
Sample: 240711-jw468azapc
MD5: a3f0cebb9b684121e5db16199f7d22fb
SHA1: aaf097bc35a6e86c7ae1edc686db90b4a783ad42
SHA256: 0dd723bd1d59072f6f4dbcf89647cd9f6aaa604280029fc3fe871908087c2c26
SHA512: 58d7f169ca18157cc08d7fb8ef26d7374049e8dc7fcb474f5f34b4dd16c8eaa44eef93fcd0fe8377814f5b808e5256cccb86d916821eb5c659028f652d97f980
SSDEEP: 6144:WGemqFepW9/ZvkdEHSHh092pAl3CmY5XJkrQiqcEKiGGORnFCViBP4LMnBrnhs9:umnpcQ1h4aXJkrQiqhbO3Q4n3g
Static task: static1

Behavioral task: behavioral1
  Sample: 0dd723bd1d59072f6f4dbcf89647cd9f6aaa604280029fc3fe871908087c2c26.exe
  Resource: win7-20240705-en

Behavioral task: behavioral2
  Sample: 0dd723bd1d59072f6f4dbcf89647cd9f6aaa604280029fc3fe871908087c2c26.exe
  Resource: win10v2004-20240709-en

Behavioral task: behavioral3
  Sample: $PLUGINSDIR/System.dll
  Resource: win7-20240705-en

Behavioral task: behavioral4
  Sample: $PLUGINSDIR/System.dll
  Resource: win10v2004-20240709-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.fasmacopy.gr
Port: 587
Username: [email protected]
Password: Fam28sjd
Email To: [email protected]
Targets

Target: 0dd723bd1d59072f6f4dbcf89647cd9f6aaa604280029fc3fe871908087c2c26.exe
Size: 561KB
MD5: a3f0cebb9b684121e5db16199f7d22fb
SHA1: aaf097bc35a6e86c7ae1edc686db90b4a783ad42
SHA256: 0dd723bd1d59072f6f4dbcf89647cd9f6aaa604280029fc3fe871908087c2c26
SHA512: 58d7f169ca18157cc08d7fb8ef26d7374049e8dc7fcb474f5f34b4dd16c8eaa44eef93fcd0fe8377814f5b808e5256cccb86d916821eb5c659028f652d97f980
SSDEEP: 6144:WGemqFepW9/ZvkdEHSHh092pAl3CmY5XJkrQiqcEKiGGORnFCViBP4LMnBrnhs9:umnpcQ1h4aXJkrQiqhbO3Q4n3g
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Loads dropped DLL
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext

Target: $PLUGINSDIR/System.dll
Size: 11KB
MD5: e23600029d1b09bdb1d422fb4e46f5a6
SHA1: 5d64a2f6a257a98a689a3db9a087a0fd5f180096
SHA256: 7342b73593b3aa1b15e3731bfb1afd1961802a5c66343bac9a2c737ee94f4e38
SHA512: c971f513142633ce0e6ec6a04c754a286da8016563dab368c3fac83aef81fa3e9df1003c4b63d00a46351a9d18eaa7ae7645caef172e5e1d6e29123ab864e7ac
SSDEEP: 192:Vm9rQDenC9VrcK7REgSWOprANupQYLRszDDH/d9CWlXo7U6Wxf:QJQEaVAK7R9SfpjpQYLRszfH/d9CWB1j
Score: 3/10