General
-
Target
953a44794418c979499cd3175d0ea6f09faffed22ad238521af611ec8880d2a4
-
Size
748KB
-
Sample
241122-bt9pxs1nfz
-
MD5
7704da3d6a858dce0dc8e10e9f9d7522
-
SHA1
da297718714f8d998f4e3a60b75d8fdf575e10be
-
SHA256
953a44794418c979499cd3175d0ea6f09faffed22ad238521af611ec8880d2a4
-
SHA512
f4f31a1eb6b33c14069f39fd916a7b05c2de823bf2089845d0e146a3ca48089904e37f368a449c4e2eae4e5501a3dac19830029f726e0bbfd7822d74f1fa118d
-
SSDEEP
12288:sF3wtfRzxWWQhOu24pv1qJIqkzMjsXSf/hHgo1WYVPZmsh4oEZcQFyyS0+EriA3p:sFMpzxWTTvAKqWtMpAizLB1qvFViEriZ
Static task
static1
Behavioral task
behavioral1
Sample
953a44794418c979499cd3175d0ea6f09faffed22ad238521af611ec8880d2a4.exe
Resource
win7-20240729-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.showpiece.trillennium.biz - Port:
587 - Username:
[email protected] - Password:
3KJ[T.3]fsSW - Email To:
[email protected]
Extracted
Protocol: smtp- Host:
mail.showpiece.trillennium.biz - Port:
587 - Username:
[email protected] - Password:
3KJ[T.3]fsSW
Targets
-
-
Target
953a44794418c979499cd3175d0ea6f09faffed22ad238521af611ec8880d2a4
-
Size
748KB
-
MD5
7704da3d6a858dce0dc8e10e9f9d7522
-
SHA1
da297718714f8d998f4e3a60b75d8fdf575e10be
-
SHA256
953a44794418c979499cd3175d0ea6f09faffed22ad238521af611ec8880d2a4
-
SHA512
f4f31a1eb6b33c14069f39fd916a7b05c2de823bf2089845d0e146a3ca48089904e37f368a449c4e2eae4e5501a3dac19830029f726e0bbfd7822d74f1fa118d
-
SSDEEP
12288:sF3wtfRzxWWQhOu24pv1qJIqkzMjsXSf/hHgo1WYVPZmsh4oEZcQFyyS0+EriA3p:sFMpzxWTTvAKqWtMpAizLB1qvFViEriZ
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Agenttesla family
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-