General
-
Target
583c8a0acd724f69a4edbd8eb8833c5b.exe.vir
-
Size
1.1MB
-
Sample
221129-pv75dach3s
-
MD5
ccda22c9beeb6a79a634377d3d1a703d
-
SHA1
09852e67fdb9758e57f114f86c68def3fa1cbb0a
-
SHA256
5c9f6daab90ddba678686ebb3562b200be25bdbc5b8bf997aae9888372df3001
-
SHA512
835c656fb90cdfc826afb7c7d39b40156f864513b143e14d237ebe711cc07fd2ad63d72f3d0d083814d7cfa364f40ab914353d7759169135bf55624fbc4de3fe
-
SSDEEP
24576:LAOcZXMunREVu+1KT4pZsGT06weRVZxy4KnmdMLFspB6Q7Cj:N4Ku+1HTTweX+nmdMLE8Q7C
Static task
static1
Behavioral task
behavioral1
Sample
583c8a0acd724f69a4edbd8eb8833c5b.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
583c8a0acd724f69a4edbd8eb8833c5b.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.mail.ru
Port: 587
Username: openheaven83@mail.ru
Password: 4c0Bm1FRJcrjQu3MYpd7
Targets
-
Target
583c8a0acd724f69a4edbd8eb8833c5b.exe.vir
-
Size
1.1MB
-
MD5
ccda22c9beeb6a79a634377d3d1a703d
-
SHA1
09852e67fdb9758e57f114f86c68def3fa1cbb0a
-
SHA256
5c9f6daab90ddba678686ebb3562b200be25bdbc5b8bf997aae9888372df3001
-
SHA512
835c656fb90cdfc826afb7c7d39b40156f864513b143e14d237ebe711cc07fd2ad63d72f3d0d083814d7cfa364f40ab914353d7759169135bf55624fbc4de3fe
-
SSDEEP
24576:LAOcZXMunREVu+1KT4pZsGT06weRVZxy4KnmdMLFspB6Q7Cj:N4Ku+1HTTweX+nmdMLE8Q7C
-
AgentTesla
Agent Tesla is a .NET-based information stealer and remote access tool (RAT). This sample's extracted config shows it exfiltrating over SMTP (smtp.mail.ru:587) using a hard-coded mailbox credential, so the mail account and that host/port pair are the primary network IOCs.
-
Executes dropped EXE
-
Checks computer location settings
Looks up the country code configured in the registry (Control Panel\International\Geo\Nation), likely used as a geofence to avoid running on systems in certain regions.
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
Reads Outlook profile data from the registry, where saved mail account settings and credentials are stored; consistent with the credential-theft behaviour of this family.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
Setting the thread context of another process is the hallmark of process hollowing (RunPE): a legitimate process is created suspended, its image is replaced with the payload, and the entry point is redirected before the thread is resumed.
-
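As an added example that is not part of this sandbox report: the following Python turns the extracted SMTP config and the behavioural signatures listed above into offline detection checks and runs them over a handful of constructed Sysmon-style events. The C2 host, port and username are the values extracted above; the event schema, the process IDs, the Outlook profile path and the list of IP-lookup hostnames are assumptions made for illustration.

```python
from __future__ import annotations
from typing import Iterable

# Network IOCs copied from the extracted AgentTesla config in the report.
C2_HOST = "smtp.mail.ru"
C2_PORT = 587
C2_USER = "openheaven83@mail.ru"

# Registry value behind "Checks computer location settings".
GEO_NATION_KEY = r"HKCU\Control Panel\International\Geo\Nation"
# Assumption: illustrative list of public external-IP lookup services.
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com", "ip-api.com"}


def match_event(ev: dict) -> list[str]:
    """Return the names of every signature a single event triggers."""
    hits: list[str] = []
    kind = ev.get("type")

    if kind == "net_connect" and ev.get("dst_host") == C2_HOST and ev.get("dst_port") == C2_PORT:
        hits.append("agenttesla_smtp_c2")

    if kind == "smtp_auth" and ev.get("user", "").lower() == C2_USER:
        hits.append("agenttesla_smtp_credential")

    if kind == "registry_read":
        path = ev.get("path", "").lower()
        if path == GEO_NATION_KEY.lower():
            hits.append("checks_computer_location_settings")
        # Outlook stores mail account settings under ...\Office\<ver>\Outlook\Profiles\
        if path.startswith(r"hkcu\software\microsoft\office") and "\\outlook\\profiles\\" in path:
            hits.append("accesses_outlook_profiles")

    if kind == "http_request" and ev.get("host", "").lower() in IP_LOOKUP_HOSTS:
        hits.append("looks_up_external_ip")

    # SetThreadContext on a thread that belongs to a *different* process is the
    # process-hollowing indicator; a process adjusting its own threads is normal.
    if kind == "api_call" and ev.get("api") == "SetThreadContext" and ev.get("target_pid") != ev.get("pid"):
        hits.append("suspicious_setthreadcontext")

    return hits


def scan(events: Iterable[dict]) -> dict[str, list[int]]:
    """Map signature name -> indexes of the events that triggered it."""
    results: dict[str, list[int]] = {}
    for idx, ev in enumerate(events):
        for sig in match_event(ev):
            results.setdefault(sig, []).append(idx)
    return results


def verdict(results: dict[str, list[int]]) -> bool:
    """Flag a host if it talks to the configured C2 mailbox, or shows at least
    three of the behavioural signatures together (any one alone is noisy)."""
    if "agenttesla_smtp_c2" in results or "agenttesla_smtp_credential" in results:
        return True
    behavioural = {"checks_computer_location_settings", "accesses_outlook_profiles",
                   "looks_up_external_ip", "suspicious_setthreadcontext"}
    return len(behavioural & set(results)) >= 3


# Constructed events (not real telemetry): a loader (pid 4120) hollows a child
# (pid 4188), which then runs the stealer logic; the last event is benign noise.
SAMPLE_EVENTS = [
    {"type": "api_call", "pid": 4120, "api": "CreateProcessW", "flags": "CREATE_SUSPENDED", "target_pid": 4188},
    {"type": "api_call", "pid": 4120, "api": "SetThreadContext", "target_pid": 4188},
    {"type": "registry_read", "pid": 4188, "path": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "registry_read", "pid": 4188,
     "path": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676"},
    {"type": "http_request", "pid": 4188, "host": "api.ipify.org", "uri": "/"},
    {"type": "net_connect", "pid": 4188, "dst_host": "smtp.mail.ru", "dst_port": 587},
    {"type": "smtp_auth", "pid": 4188, "user": "openheaven83@mail.ru"},
    {"type": "net_connect", "pid": 900, "dst_host": "update.microsoft.com", "dst_port": 443},
]

if __name__ == "__main__":
    hits = scan(SAMPLE_EVENTS)
    for sig, idxs in hits.items():
        print(f"{sig:40s} events {idxs}")
    print("verdict:", "AgentTesla-like" if verdict(hits) else "clean")
```

The SMTP host and port alone are a weak indicator (mail.ru is a legitimate provider), which is why the verdict requires either the abused mailbox itself or a cluster of the behavioural signatures; in production the constructed event shapes would be replaced by the fields of whatever EDR or Sysmon feed is in use.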