General
-
Target
c0606c7a28717e12ff2ba17844d4be166dcc9cfa060c98d0bd3b940c79d81ef8.exe
-
Size
544KB
-
Sample
240905-b51w6a1bjj
-
MD5
15ceb47475a86d9b42cb5bb9e92ad101
-
SHA1
86bcebd131167e95dbff902c4fc4669f829b3d81
-
SHA256
c0606c7a28717e12ff2ba17844d4be166dcc9cfa060c98d0bd3b940c79d81ef8
-
SHA512
76031122fa7670ac69965038ea60472917ea16059b23c353db467121a4b2740c9e8ce422d7869fb1868f91e496017a63e03540d5e8eb760a1a8c70720eb9aeef
-
SSDEEP
12288:NYV6MorX7qzuC3QHO9FQVHPF51jgcrzOtOD/eRyCAcFx:iBXu9HGaVHm8/KdfFx
Behavioral task
behavioral1
Sample
c0606c7a28717e12ff2ba17844d4be166dcc9cfa060c98d0bd3b940c79d81ef8.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
c0606c7a28717e12ff2ba17844d4be166dcc9cfa060c98d0bd3b940c79d81ef8.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.mahesh-ent.com - Port:
587 - Username:
[email protected] - Password:
M@hesh3981 - Email To:
[email protected]
Targets
-
-
Target
c0606c7a28717e12ff2ba17844d4be166dcc9cfa060c98d0bd3b940c79d81ef8.exe
-
Size
544KB
-
MD5
15ceb47475a86d9b42cb5bb9e92ad101
-
SHA1
86bcebd131167e95dbff902c4fc4669f829b3d81
-
SHA256
c0606c7a28717e12ff2ba17844d4be166dcc9cfa060c98d0bd3b940c79d81ef8
-
SHA512
76031122fa7670ac69965038ea60472917ea16059b23c353db467121a4b2740c9e8ce422d7869fb1868f91e496017a63e03540d5e8eb760a1a8c70720eb9aeef
-
SSDEEP
12288:NYV6MorX7qzuC3QHO9FQVHPF51jgcrzOtOD/eRyCAcFx:iBXu9HGaVHm8/KdfFx
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-