General
Target: SecuriteInfo.com.Win32.MalwareX-gen.31096.7527.exe
Size: 2.2MB
Sample: 221207-kgf2hsdg6y
MD5: c19e64d1bb68322c1abc0b535bcbce15
SHA1: 90c259d09774942902e1aa43e020bd621bf9a547
SHA256: b3309e7b305f37f596c95916b7172c6b929888da029f0d5cbb95e17400e83a84
SHA512: 529b58676e1a3de7451f80d335cc65def88e187e31e06ed5a909427661dea02e507ada61ab29d29615836eb732d39893b01931b8c25fdc90303817193e240c3f
SSDEEP: 49152:nCAzrjHjBYyz2Z/ZrJJxsIKHyRXGsrSVD+9AAxKmxwz:nCAzz/z+JJxJFnri+9Aowz
Static task: static1
Behavioral task: behavioral1
Sample: SecuriteInfo.com.Win32.MalwareX-gen.31096.7527.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: SecuriteInfo.com.Win32.MalwareX-gen.31096.7527.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: qvomoeworkyzeqvn
Targets
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP address.
- Suspicious use of SetThreadContext