General
Target: doc20240624-00073.img
Size: 1.2MB
Sample: 240624-nds4fsyhjd
MD5: 7bb5aeb0421f2aa8cc616a9c72a43ee4
SHA1: 7af351e1fa332e005e7242d5aa3a6510903f0572
SHA256: 85efb78f902d1befca94b2e9b0b7223c4e320e409e21b5b029a88ebce5587b46
SHA512: 26e2e76fa4772cd6c7ca3c422ada36eb05a3788276ad2fef4b88b5831ee8aef142a25c19fe5ebde876a7b44eb209f4de9b1427557e67b4d839ba16622609ae2d
SSDEEP: 6144:k4SUjhtcUB6uitM/DOfM1PzrgFswogtKxaqcYe29nOAw3YLS/KSGBG9xNG1:rilWLe+P0swbEXcX2NOAK/KH8NG
Static task: static1
Behavioral task: behavioral1
Sample: doc20240624-00073.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: doc20240624-00073.exe
Resource: win10v2004-20240508-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: cpanel17.rackforest.com
Port: 587
Username: [email protected]
Password: boygirl123456
Email To: [email protected]
Targets
Target: doc20240624-00073.bat
Size: 623KB
MD5: 43970c342a6f6849918eff777d391439
SHA1: 58a9e9e70a97dc454e5462259a90709c8df789f6
SHA256: 9a46488fbf68e28b2f3e84183fe6100ad7b0a0f72628ca90f02de0b05a8ff5fc
SHA512: e6ab83f9431d3baa50201947a06851f5b74916b48b64d068cddb453c5addc9b7cf39d1246d83d70fc18fadb46c854f6c22535d42a080ee9d624ff9fb30104200
SSDEEP: 6144:Z4SUjhtcUB6uitM/DOfM1PzrgFswogtKxaqcYe29nOAw3YLS/KSGBG9xNG1E:CilWLe+P0swbEXcX2NOAK/KH8NGC
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of NtCreateThreadExHideFromDebugger
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext