General
- Target: 33dde1b0ba1d8b0539bd50cbf3ebb0493a4e5ceb7ccaea339015adc32e00a46c
- Size: 1.1MB
- Sample: 240630-bc5dwa1cpf
- MD5: 0fc28f04b75808f4e8f2c2947ea1f164
- SHA1: d88244f554b5ec2d569a96fa74661ce1cc517028
- SHA256: 33dde1b0ba1d8b0539bd50cbf3ebb0493a4e5ceb7ccaea339015adc32e00a46c
- SHA512: 1c99c1800a0a6872fa2d9f816a7e0d8544133d3f9bc5fbfd8323d32e317d508016d973f837931798973a2f1a5e9522954e781b9fc5775be18a1c3a09b0ad9145
- SSDEEP: 24576:xqDEvCTbMWu7rQYlBQcBiT6rprG8aE36KWzYoY:xTvC/MTQYxsWR7aMbWz
- Static task: static1
- Behavioral task: behavioral1
  - Sample: 33dde1b0ba1d8b0539bd50cbf3ebb0493a4e5ceb7ccaea339015adc32e00a46c.exe
  - Resource: win7-20240611-en
- Behavioral task: behavioral2
  - Sample: 33dde1b0ba1d8b0539bd50cbf3ebb0493a4e5ceb7ccaea339015adc32e00a46c.exe
  - Resource: win10v2004-20240611-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.jaszredony.hu
- Port: 587
- Username: [email protected]
- Password: jRedony77
- Email To: [email protected]
Targets
- Target: 33dde1b0ba1d8b0539bd50cbf3ebb0493a4e5ceb7ccaea339015adc32e00a46c (size and hashes identical to the General section above)
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext