General
Target: 24e3d6aaad467448446fb62b3c75da9f6afb48ab6b521650b33a40de920b3d9a.exe
Size: 3.0MB
Sample: 240705-bg4yxaydlq
MD5: f920245903cc3b13b891c2be9e76e318
SHA1: 2c3bd78ba92cab90ebc95fdb39cbd88a7408b181
SHA256: 24e3d6aaad467448446fb62b3c75da9f6afb48ab6b521650b33a40de920b3d9a
SHA512: a65de0e0744f89883573475bcc0d2eb464d28ae0ce548c2a22c80826efdc6bff331dd8062488883e60e028a293eb51e474a61b5f81924cd8be027952c5735ff4
SSDEEP: 24576:ai77Lx3hzqGU3E87W0rP+rsWTKMFUVWM32Tl0gFgZlFuhvYf3oZ5sBDs8EYvsE2J:p77LvQE87W0HWTKM4K0gFgZlJ3T/R2
Static task: static1
Behavioral task: behavioral1
Sample: 24e3d6aaad467448446fb62b3c75da9f6afb48ab6b521650b33a40de920b3d9a.exe
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: 24e3d6aaad467448446fb62b3c75da9f6afb48ab6b521650b33a40de920b3d9a.exe
Resource: win10v2004-20240704-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: [email protected]
Password: Sl!KOtF7
Email To: [email protected]
Extracted
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: [email protected]
Password: Sl!KOtF7
Targets
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext