General
-
Target
Vsl_MV DART TRADER_001.exe
-
Size
1.1MB
-
Sample
240701-dwwxysvcna
-
MD5
bea81206cd6ada6de59c5c8b0aff3ce5
-
SHA1
feb515e9c9377a0015a764570866dca3cf28f85d
-
SHA256
a08785ae5e788036932207c2c264090c10b9346e7822ea109a98dd59a95d9ef9
-
SHA512
800b8e76cc46d02a6ec63b8003c1e5357a2b5f076fa35d55840951738e0bb91b6b704b7cb8ce3def5f420f55ff45f055712a09912dcc35a6a514f650147698d9
-
SSDEEP
24576:NAHnh+eWsN3skA4RV1Hom2KXMmHatS2NV4hXdjcN/RT65:sh+ZkldoPK8YatDktjU/Rs
Static task
static1
Behavioral task
behavioral1
Sample
Vsl_MV DART TRADER_001.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
Vsl_MV DART TRADER_001.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Port:
587 - Username:
[email protected]
Targets
-
-
Target
Vsl_MV DART TRADER_001.exe
-
Size
1.1MB
-
MD5
bea81206cd6ada6de59c5c8b0aff3ce5
-
SHA1
feb515e9c9377a0015a764570866dca3cf28f85d
-
SHA256
a08785ae5e788036932207c2c264090c10b9346e7822ea109a98dd59a95d9ef9
-
SHA512
800b8e76cc46d02a6ec63b8003c1e5357a2b5f076fa35d55840951738e0bb91b6b704b7cb8ce3def5f420f55ff45f055712a09912dcc35a6a514f650147698d9
-
SSDEEP
24576:NAHnh+eWsN3skA4RV1Hom2KXMmHatS2NV4hXdjcN/RT65:sh+ZkldoPK8YatDktjU/Rs
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-