General
Target: 934284591d9e31d5c4868a6608b88c2dd2124fdd45b0248db35f4741d4634bc7
Size: 1.2MB
Sample: 240630-bwgrxs1gqf
MD5: f78535a3f5e84f626e1018e587b5b588
SHA1: 8200afc4d351323230fcc4b0a76b529b5d052134
SHA256: 934284591d9e31d5c4868a6608b88c2dd2124fdd45b0248db35f4741d4634bc7
SHA512: 7538b16da90041b285721ec6d626ffa8ed7fd83c39d8f03fca6657cc7474ca1cffff48b92f48871a409d9fdf48620d09e455de4f0914a4883d2435521767a455
SSDEEP: 24576:+AHnh+eWsN3skA4RV1Hom2KXMmHaHFUc7+2b1Vck0VwCRla4CTwUUF5:ph+ZkldoPK8YaHFU2pbBgwilarM
Static task: static1
Behavioral task: behavioral1
  Sample: 934284591d9e31d5c4868a6608b88c2dd2124fdd45b0248db35f4741d4634bc7.exe
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 934284591d9e31d5c4868a6608b88c2dd2124fdd45b0248db35f4741d4634bc7.exe
  Resource: win10v2004-20240508-en
Malware Config
Extracted
Protocol: smtp
Host: mail.divanrestoran.com
Port: 587
Username: [email protected]
Password: Div987654-_
Targets
Target: 934284591d9e31d5c4868a6608b88c2dd2124fdd45b0248db35f4741d4634bc7
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext