General
- Target: f9ae0d40d4f2b88956a1ccfe6cff9aae6a36508574a56595c331d7ca207e5f03.exe
- Size: 1013KB
- Sample: 240629-cdmqwsyclh
- MD5: 1158ab968d9f8996052a319091e3004c
- SHA1: 6f6d2279032adad4c2664d1a863863776ee4f504
- SHA256: f9ae0d40d4f2b88956a1ccfe6cff9aae6a36508574a56595c331d7ca207e5f03
- SHA512: 720da33c7f18f27bcf96773e54a5f972cb6e2dcfc998cdf53a6a8cf1de9fed253c643d694f82bc35e2b60c8d9afc731c1aa4a52f8af5367d2d6863f559ed73bf
- SSDEEP: 24576:+AHnh+eWsN3skA4RV1Hom2KXMmHa3Tql2yrJu5:ph+ZkldoPK8Ya3TZoa
Static task: static1
Behavioral task: behavioral1
- Sample: f9ae0d40d4f2b88956a1ccfe6cff9aae6a36508574a56595c331d7ca207e5f03.exe
- Resource: win7-20240611-en
Behavioral task: behavioral2
- Sample: f9ae0d40d4f2b88956a1ccfe6cff9aae6a36508574a56595c331d7ca207e5f03.exe
- Resource: win10v2004-20240508-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.controlfire.com.mx
- Port: 587
- Username: [email protected]
- Password: +DI9CNZM&Y%W
- Email To: [email protected]
Targets
- Target: f9ae0d40d4f2b88956a1ccfe6cff9aae6a36508574a56595c331d7ca207e5f03.exe
Score: 10/10
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext