General
-
Target
67a8b2077a1aa43d393b1f843e556fd030c13dbe7a0e041d41c86fe233bddb38.exe
-
Size
1.5MB
-
Sample
240917-bl9pysyerg
-
MD5
0324d879405e1ccc8f081aa524ca969b
-
SHA1
6fa210c37b26b25afc1c7a90cbef7da8f7f98d90
-
SHA256
67a8b2077a1aa43d393b1f843e556fd030c13dbe7a0e041d41c86fe233bddb38
-
SHA512
8ec78655b9efb28dfd0d184473515bc5636b0b1ceebe1a59d579988a3ce3164b338966478142d6562ee593d14b892003f0a7c960f5be6029d85fd6011b22f371
-
SSDEEP
24576:UqDEvCTbMWu7rQYlBQcBiT6rprG8apYE0uVyhx2IFEmUcWVNAOcocj3s:UTvC/MTQYxsWR7apYOyhx7DUcWPAtocb
Static task
static1
Behavioral task
behavioral1
Sample
67a8b2077a1aa43d393b1f843e556fd030c13dbe7a0e041d41c86fe233bddb38.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
67a8b2077a1aa43d393b1f843e556fd030c13dbe7a0e041d41c86fe233bddb38.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.mahesh-ent.com - Port:
587 - Username:
[email protected] - Password:
M@hesh3981 - Email To:
[email protected]
Targets
-
-
Target
67a8b2077a1aa43d393b1f843e556fd030c13dbe7a0e041d41c86fe233bddb38.exe
-
Size
1.5MB
-
MD5
0324d879405e1ccc8f081aa524ca969b
-
SHA1
6fa210c37b26b25afc1c7a90cbef7da8f7f98d90
-
SHA256
67a8b2077a1aa43d393b1f843e556fd030c13dbe7a0e041d41c86fe233bddb38
-
SHA512
8ec78655b9efb28dfd0d184473515bc5636b0b1ceebe1a59d579988a3ce3164b338966478142d6562ee593d14b892003f0a7c960f5be6029d85fd6011b22f371
-
SSDEEP
24576:UqDEvCTbMWu7rQYlBQcBiT6rprG8apYE0uVyhx2IFEmUcWVNAOcocj3s:UTvC/MTQYxsWR7apYOyhx7DUcWPAtocb
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-