General

Target: 0000c5421cc5825b721172d62380ef7a41951b119082b1414cc11cb2b643e01a
Size: 905KB
Sample: 241116-bgwbrswgmb
MD5: adda41bc016e39fc416640904a8019ab
SHA1: 310b1226b93600693cb20d719cb3f3ace029012e
SHA256: 0000c5421cc5825b721172d62380ef7a41951b119082b1414cc11cb2b643e01a
SHA512: 405f8e5ed648cf7226fa1a4cde6367217dcad3a3b9ca678ee6e30e66c45c0f7daa4ab65f130973cabffb9c0da0bf091ebd074c361166ea18d75012b4d45a7012
SSDEEP: 12288:MTf6wtJmcKE2pb57I8n+mVjExISjGwIVYvzsEmUkPa9f1BFLKnqrOyb:M+C2t5s8+GY+6Govzsdv+1CLu
Static task: static1

Behavioral task: behavioral1
Sample: 0000c5421cc5825b721172d62380ef7a41951b119082b1414cc11cb2b643e01a.exe
Resource: win7-20240729-en

Behavioral task: behavioral2
Sample: 0000c5421cc5825b721172d62380ef7a41951b119082b1414cc11cb2b643e01a.exe
Resource: win10v2004-20241007-en
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: @Veronica24
Email To: [email protected]
Targets

Target: 0000c5421cc5825b721172d62380ef7a41951b119082b1414cc11cb2b643e01a (905KB; hashes as listed under General)
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Agenttesla family
Adds Run key to start application
Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15

Privilege Escalation: Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder