General
Target: 2d0b309226a7b864cf7507c25a485ce2a0c19db9223815e2bac316f0116998bb
Size: 405KB
Sample: 240629-bh7feszgnl
MD5: c02098af34d90ae140b38db85479660d
SHA1: 36366846c9277ff66caa5d43b778be631bcf55ea
SHA256: 2d0b309226a7b864cf7507c25a485ce2a0c19db9223815e2bac316f0116998bb
SHA512: fbb429e56f4d608f6bb87dc034c69d2003b48ae12b06e48fbec32836a714111464618218eaf764d1a13159d86d13f0cbe8eabac9488ef04551a00609c251d58a
SSDEEP: 12288:77HwIINuv4cqjmJm/X1yER6qyMmQrvTeOYb:77HwIINkNq4m/FHzyquOYb
Static task: static1
Behavioral task: behavioral1
Sample: tstuurjfhe534.exe
Resource: win7-20240220-en
Behavioral task: behavioral2
Sample: tstuurjfhe534.exe
Resource: win10v2004-20240508-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.apexrnun.com
Port: 587
Username: [email protected]
Password: %qroUozO;(C2Rlyb
Email To: [email protected]
Extracted
Protocol: smtp
Host: mail.apexrnun.com
Port: 587
Username: [email protected]
Password: %qroUozO;(C2Rlyb
Targets
Target: tstuurjfhe534.exe
Size: 628KB
MD5: ee8ba1ae20ee09f35c98f535e2b51210
SHA1: b01d6541adad49dc1440521e894ae606a2e7d222
SHA256: fedc7f3f325cb297223bcb71a3ed165bfaed3c34fe9ca67afeb1bc480717d0ba
SHA512: fd69345367422769d251b5e18b2e34465bd6c9d5eb4c3a429ebe06b0f45b6bde847f83631aed024cad9a97ee0614313a2ac9899683c582632940f7e4dea63f93
SSDEEP: 12288:w5kndm1CoGhLnuPpq6SVQS51HwaMma1xQgTj:LngUBWgVLbwacxBH
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext