General
Target: be700b3cf3b03bda8e1d549596280d75acb88c30f64eb1d9dda21c09e4216ac9N
Size: 1.0MB
Sample: 241110-bw6q2swhla
MD5: 0b0b9b6dce9a70a1cc10a9ec85c11e00
SHA1: 2c3c3b7e492e3709bb5351476c0a2a7bbdba3697
SHA256: be700b3cf3b03bda8e1d549596280d75acb88c30f64eb1d9dda21c09e4216ac9
SHA512: b3e1efa554c56a5a4ac1c15479922faccc463fcce87c8cde5fbef474ea6443707ac78962c3c341f519ab97dbce3884963946dd3e016e9653bd308cc553653628
SSDEEP: 12288:2bIrE0Sq+sMD/BPyf13SFyIz8VOHazm/SIo6I6JT/sofpdC5rOVUSo:YIo0SztPyf13WyOHaY/sofXC5K
Static task: static1
Behavioral task: behavioral1
Sample: be700b3cf3b03bda8e1d549596280d75acb88c30f64eb1d9dda21c09e4216ac9N.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: be700b3cf3b03bda8e1d549596280d75acb88c30f64eb1d9dda21c09e4216ac9N.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Protocol: smtp
Host: smtp.zoho.eu
Port: 587
Username: [email protected]
Password: office12#
Extracted
Family: agenttesla
Protocol: smtp
Host: smtp.zoho.eu
Port: 587
Username: [email protected]
Password: office12#
Email To: [email protected]
Targets
Target: be700b3cf3b03bda8e1d549596280d75acb88c30f64eb1d9dda21c09e4216ac9N
Size: 1.0MB
MD5: 0b0b9b6dce9a70a1cc10a9ec85c11e00
SHA1: 2c3c3b7e492e3709bb5351476c0a2a7bbdba3697
SHA256: be700b3cf3b03bda8e1d549596280d75acb88c30f64eb1d9dda21c09e4216ac9
SHA512: b3e1efa554c56a5a4ac1c15479922faccc463fcce87c8cde5fbef474ea6443707ac78962c3c341f519ab97dbce3884963946dd3e016e9653bd308cc553653628
SSDEEP: 12288:2bIrE0Sq+sMD/BPyf13SFyIz8VOHazm/SIo6I6JT/sofpdC5rOVUSo:YIo0SztPyf13WyOHaY/sofXC5K
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer; early versions were written in VB.NET. It harvests saved browser and mail-client credentials, keystrokes and clipboard contents and sends them to the operator over SMTP, FTP or HTTP. The SMTP host, port and mailbox credentials in the extracted config above are that exfiltration channel, which is why a sandbox can recover them from the sample.
Agenttesla family
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Writes a value under a CurrentVersion\Run key so the payload is relaunched at logon; this is the Registry Run Keys / Startup Folder entry in the ATT&CK table below.
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext
Calling SetThreadContext on a thread of another (typically suspended) process is the step that redirects execution in process hollowing and similar injection. On its own it is a heuristic, not proof of injection.
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution (T1547): 1
Registry Run Keys / Startup Folder (T1547.001): 1
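To make the report actionable, the following Python is an added example (not sandbox output and not part of the original report) that turns the extracted SMTP config and the listed behaviours into a small event matcher. The hash values and the smtp.zoho.eu:587 indicator are copied from the report above; the Sysmon-style event shape, the IP-lookup watchlist, the mail-client allowlist and the sample events are constructed for illustration. The mailbox appears redacted on this page ("[email protected]"), so only the host and port are used as network indicators.

```python
"""Added example: match constructed Sysmon-like events against the indicators
in this sandbox report. Hashes and C2 host/port are copied from the report;
everything else (event format, watchlists, sample events) is assumed."""
import hashlib
import re
from dataclasses import dataclass

# Copied from the report above.
REPORT_HASHES = {
    "md5": "0b0b9b6dce9a70a1cc10a9ec85c11e00",
    "sha1": "2c3c3b7e492e3709bb5351476c0a2a7bbdba3697",
    "sha256": "be700b3cf3b03bda8e1d549596280d75acb88c30f64eb1d9dda21c09e4216ac9",
}
C2_SMTP = ("smtp.zoho.eu", 587)

# Assumption: public IP-lookup services to watch. The report only says
# "a legitimate IP lookup service" and does not name it.
IP_LOOKUP_HOSTS = {"checkip.dyndns.org", "api.ipify.org", "ip-api.com", "ifconfig.me"}

# Assumption: processes allowed to use SMTP submission; any other process
# talking to the configured host on 587 is treated as exfiltration.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}

# HKCU/HKLM ...\CurrentVersion\Run or RunOnce plus a value name (T1547.001).
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.IGNORECASE)


def _hash_chunks(chunks) -> dict:
    """Compute the three hashes the report lists over an iterable of byte chunks."""
    digests = {name: hashlib.new(name) for name in REPORT_HASHES}
    for chunk in chunks:
        for d in digests.values():
            d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def hash_bytes(data: bytes) -> dict:
    return _hash_chunks([data])


def hash_file(path: str) -> dict:
    """Stream the file so a large sample is hashed without loading it whole."""
    with open(path, "rb") as fh:
        return _hash_chunks(iter(lambda: fh.read(1 << 20), b""))


def matches_report(hashes: dict) -> bool:
    """True only if every algorithm we have agrees with the report (case-insensitive).
    A mismatch on any single algorithm means it is not this sample."""
    norm = {k.lower(): v.lower() for k, v in hashes.items()}
    common = norm.keys() & REPORT_HASHES.keys()
    return bool(common) and all(norm[k] == REPORT_HASHES[k] for k in common)


@dataclass
class Alert:
    label: str
    reason: str


def match_event(ev: dict) -> list:
    """Map one constructed event to the behaviours the report lists."""
    alerts = []
    kind = ev.get("type")
    image = ev.get("image", "").rsplit("\\", 1)[-1].lower()
    if kind == "process_create" and matches_report(ev.get("hashes", {})):
        alerts.append(Alert("file-hash", f"{image} matches the report's sample hashes"))
    elif kind == "registry_set" and RUN_KEY_RE.search(ev.get("target", "")):
        alerts.append(Alert("T1547.001", f"{image} set Run key {ev['target']} -> {ev.get('details', '')}"))
    elif kind == "network_connect":
        host, port = ev.get("dest_host", "").lower(), ev.get("dest_port")
        if (host, port) == C2_SMTP and image not in MAIL_CLIENTS:
            alerts.append(Alert("smtp-exfil", f"{image} -> {host}:{port} from a non-mail process"))
        if host in IP_LOOKUP_HOSTS:
            alerts.append(Alert("ip-lookup", f"{image} queried external-IP service {host}"))
    return alerts


def triage(events: list) -> dict:
    """Run every event through the matcher and return a count per label."""
    counts = {}
    for ev in events:
        for a in match_event(ev):
            counts[a.label] = counts.get(a.label, 0) + 1
    return counts


SAMPLE = "C:\\Users\\lab\\Desktop\\be700b3cf3b03bda8e1d549596280d75acb88c30f64eb1d9dda21c09e4216ac9N.exe"
SAMPLE_EVENTS = [  # constructed for this example, not sandbox telemetry
    {"type": "process_create", "image": SAMPLE,
     "hashes": {"SHA256": REPORT_HASHES["sha256"].upper(), "MD5": REPORT_HASHES["md5"]}},
    {"type": "registry_set", "image": SAMPLE,
     "target": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater",
     "details": "C:\\Users\\lab\\AppData\\Roaming\\Updater\\Updater.exe"},
    {"type": "network_connect", "image": SAMPLE, "dest_host": "checkip.dyndns.org", "dest_port": 80},
    {"type": "network_connect", "image": SAMPLE, "dest_host": "smtp.zoho.eu", "dest_port": 587},
    # benign noise the matcher must ignore: a real mail client on 587, an installer writing a non-Run key
    {"type": "network_connect", "image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE",
     "dest_host": "smtp.zoho.eu", "dest_port": 587},
    {"type": "registry_set", "image": "C:\\Windows\\System32\\msiexec.exe",
     "target": "HKLM\\SOFTWARE\\Vendor\\App\\Version", "details": "1.2"},
]

if __name__ == "__main__":
    for label, n in sorted(triage(SAMPLE_EVENTS).items()):
        print(f"{label:10s} {n}")
```

Before trusting any of this against a local copy of the sample, run hash_file on it and check matches_report: the report gives MD5, SHA1 and SHA256, and all three must agree. Note that the SMTP rule matches the destination host, not the redacted mailbox, so a legitimate Zoho mail user on the same host would be excluded only by the process allowlist.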