General
-
Target
1dcbab39d8af3205a4f6c01e7dd3ce6dbced795c300013f1650d812e80aac580
-
Size
697KB
-
Sample
241121-jk11esvjbj
-
MD5
94c591be2372a5ce973a3052ea552b37
-
SHA1
0b2b55e50786af03b2c75e084946891da9e422e3
-
SHA256
1dcbab39d8af3205a4f6c01e7dd3ce6dbced795c300013f1650d812e80aac580
-
SHA512
060f0117a6816e9c5681a7fa0632527205484ad3b8167a3dbb55e5b839b0a7439bd020931e38dea5ebecdafd14109cde13f936dc02a01aa0a41afc9d5de83c10
-
SSDEEP
12288:7Kv4H0zp+8uxK1ZpWXTjjEhMqL+8mfqgwnB18VapGL05R7KamcdsqqVyZkpU:7q4cw8ODHOMqLESg4Bt205Qah6VRpU
Static task
static1
Behavioral task
behavioral1
Sample
REQUEST FOR QUOTATION - URGENT.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
REQUEST FOR QUOTATION - URGENT.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.starmech.net - Port:
587 - Username:
[email protected] - Password:
nics123 - Email To:
[email protected]
Extracted
Protocol: smtp- Host:
mail.starmech.net - Port:
587 - Username:
[email protected] - Password:
nics123
Targets
-
-
Target
REQUEST FOR QUOTATION - URGENT.exe
-
Size
959KB
-
MD5
576bf1414c3a6cedb920100cffd76442
-
SHA1
9cbed7b8a4d8a627efb136d56739c17736ae5fea
-
SHA256
9af1bebf820242bdf04bc9a02ec681cac738353998ca9474716febfeb6bb200d
-
SHA512
b4bec576df727d792e414733a37bcd593c0469fa9b45d475236873fc26b33e7c11095ae4df00af1fd6c2a6587c1c77e2c5f79151e6caba40d66ce8c96a6d1011
-
SSDEEP
24576:3ijXbz23zxW9ozm3ai+BBvHLAGtMi5Qdsw:Kz29WYmtO5rFtMi8
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Agenttesla family
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1