General
- Target: a471e88b1cb62af98534d61c26dd1973.exe
- Size: 1.1MB
- Sample: 221126-bms4laeg8w
- MD5: a471e88b1cb62af98534d61c26dd1973
- SHA1: e9265d4b74ee8b09f60e1ab391691a90d19988ff
- SHA256: 6427b1234b3182b21cfe73e027a9943505033e0ca9c557504051581d77191158
- SHA512: 0954f6dac7062861892394a8daebe248eb93e2e0e56cb2784287479ca80b113725f21a3fde25e791027f10fc580129dbaa84c7a9f6ff63cefb465d3ff1c49f6f
- SSDEEP: 24576:LAOcZXMungWgkTJgO4KnmdMLFspB6Q7CqF+7f:NrkTmWnmdMLE8Q7m
Static task
- static1
Behavioral task
- behavioral1: Sample a471e88b1cb62af98534d61c26dd1973.exe, Resource win7-20220812-en
Behavioral task
- behavioral2: Sample a471e88b1cb62af98534d61c26dd1973.exe, Resource win10v2004-20220812-en
Malware Config
Extracted
agenttesla
- Protocol: smtp
- Host: rebudnew.shop
- Port: 587
- Username: [email protected]
- Password: SV(G!Dl;=T]k
- Email To: [email protected]
Targets
- Target: a471e88b1cb62af98534d61c26dd1973.exe
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Executes dropped EXE
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext