General
Target: 21012025_2349_21012025_Ref#8520163.rar
Size: 183KB
Sample: 250121-3t7n4sxqdq
MD5: 8cfd588be8c79797a58a8a80344fed82
SHA1: b5e72c2d6901acac2ae5c4c702c291346dae97fc
SHA256: 535a4e9aa5f3196873a3df5dc2c62c4d49965c1e087004ddeb740244c674c2c0
SHA512: cccac1c4757159f3f1ed7b8a34fa68342b083aa9ec5742320bd01fc407650bff435eb0dc07e5de7131b850f1b4353ec736d4b8092b2397456dcfe25a7773097b
SSDEEP: 3072:bzu8etLASAEOGbkgRovEATXvjlB4oxdsD3CJ0u1hOZw3dwujemGQbJvpETwu:3yLsEZkSMtXVdO3gbhZ3d3jxnTuwu
Static task: static1
Behavioral task: behavioral1
Sample: Ref#8520163.exe
Resource: win7-20240729-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: 162.254.34.31
Port: 587
Username: [email protected]
Password: ABwuRZS5Mjh5
Email To: [email protected]
Targets
Target: Ref#8520163.exe
Size: 550KB
MD5: cc2dd1190955e9f7541891da1a9f6821
SHA1: a16680ac39d22199203933b62382b90ffba3dd4d
SHA256: c5daf9f6683fd5aa8f434ed963a20e7a89ff6f31a94ccee21dc6d58eb6502ad1
SHA512: b86071af21ad517c7e39f49e4347ecee1361cccce1bf15159ce9990b2465fbece2f6748a941f3b380a58888aaf735031160016558df8be5030bd233d23260a7c
SSDEEP: 6144:utRRUEOmuauSSLuaFjYZaQqRbcoMLO9ohmVoxOaHcBBt7VFFplA2iAr1:qYElucSKaFj5WOraxL8BBXFFg2iQ
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Agenttesla family
Suspicious use of NtCreateUserProcessOtherParentProcess
Drops startup file
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext