General

Target: 02c3b5f839835e6735b68fdda6047a51ba7e15185ee2ecfb9453c851dcea792b
Size: 1.1MB
Sample: 240630-bypkjs1hlg
MD5: 1578aa8133e0536d5fa8de7c24d73387
SHA1: 1e14d2f296db56eeedb9034e68931534fc83d2b3
SHA256: 02c3b5f839835e6735b68fdda6047a51ba7e15185ee2ecfb9453c851dcea792b
SHA512: 7916af656d1188d5f3b2685d09b434b897b2250f0deed807b70e78022f18f14015b671a0cf2b1aa8a16afb4b98ed43fddf87eb9509ae10ba021f5cc4160df16a
SSDEEP: 24576:6qDEvCTbMWu7rQYlBQcBiT6rprG8a33Zkydpt3+X7:6TvC/MTQYxsWR7anTptOX
Static task: static1

Behavioral task: behavioral1
Sample: 02c3b5f839835e6735b68fdda6047a51ba7e15185ee2ecfb9453c851dcea792b.exe
Resource: win7-20240508-en

Behavioral task: behavioral2
Sample: 02c3b5f839835e6735b68fdda6047a51ba7e15185ee2ecfb9453c851dcea792b.exe
Resource: win10v2004-20240508-en
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: mail.jaszredony.hu
Port: 587
Username: [email protected]
Password: jRedony77
Email To: [email protected]
Targets
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext