General
Target: dff7bba17ebeb45bdda1b5b5315b34eb0dbac3f0ba2b1b502a5f8cf7b1d95f24
Size: 661KB
Sample: 240428-bf4lrach41
MD5: 807c8925f35b1b37c631f13358051965
SHA1: fba6535655e3e7fde3384038eb96478ce8101a93
SHA256: dff7bba17ebeb45bdda1b5b5315b34eb0dbac3f0ba2b1b502a5f8cf7b1d95f24
SHA512: 79a4897d8eceae835285f85ea692e02811df3c79a26087733f7a8a9f7ccb1dd6140267ee31e6373c96cacf977169fe4c27cc862ab6e367bbab3a8bbc980040fa
SSDEEP: 12288:g128AjqFD1dMTYkZgZ3xMaKkE+8Sj5jDYolFXQOwtYXRjt/7kwmVkR:g128AWFDTMUkOhElKjsol9zhJt/7kwmo
Static task: static1
Behavioral task: behavioral1
Sample: dff7bba17ebeb45bdda1b5b5315b34eb0dbac3f0ba2b1b502a5f8cf7b1d95f24.exe
Resource: win7-20240220-en
Behavioral task: behavioral2
Sample: dff7bba17ebeb45bdda1b5b5315b34eb0dbac3f0ba2b1b502a5f8cf7b1d95f24.exe
Resource: win10v2004-20240426-en
Malware Config
Extracted
Family: agenttesla
Protocol: smtp
Host: cp5ua.hyperhost.ua
Port: 587
Username: aaronlog@oilandgascomp.xyz
Password: 7213575aceACE@#$
Email To: aaron@oilandgascomp.xyz
Extracted
Protocol: smtp
Host: cp5ua.hyperhost.ua
Port: 587
Username: aaronlog@oilandgascomp.xyz
Password: 7213575aceACE@#$
Targets
Target: dff7bba17ebeb45bdda1b5b5315b34eb0dbac3f0ba2b1b502a5f8cf7b1d95f24
Size: 661KB
MD5: 807c8925f35b1b37c631f13358051965
SHA1: fba6535655e3e7fde3384038eb96478ce8101a93
SHA256: dff7bba17ebeb45bdda1b5b5315b34eb0dbac3f0ba2b1b502a5f8cf7b1d95f24
SHA512: 79a4897d8eceae835285f85ea692e02811df3c79a26087733f7a8a9f7ccb1dd6140267ee31e6373c96cacf977169fe4c27cc862ab6e367bbab3a8bbc980040fa
SSDEEP: 12288:g128AjqFD1dMTYkZgZ3xMaKkE+8Sj5jDYolFXQOwtYXRjt/7kwmVkR:g128AWFDTMUkOhElKjsol9zhJt/7kwmo
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Suspicious use of SetThreadContext