General
Target: TELEX_COPY.exe
Size: 7KB
Sample: 221207-w774gaff46
MD5: 397f8a607d6af678e60f96ac4c558abf
SHA1: 191fc8b2721bc4e2c1a5cacac45deff8806349e4
SHA256: 6edf2090f396f8b0fe0846194add30c81ff740e21599fb660a5f6433474de8c7
SHA512: c8cb178786b3137c6c286313c4883f5d32780ab87ded4ca8e5d45d1092a2fd448dab5b4ae5dc2f08b922671817d1d0120fe880c17a29a362282395e8f896024b
SSDEEP: 96:swwki/Hu3fwboM+xNF8zZYLOEwnAWokY8cOP/VlYAR4ckjcAQghzNt:snB/HEV0zCLOZn0kYOHXR4Fw3gj
Static task: static1
Behavioral task: behavioral1 (Sample: TELEX_COPY.exe, Resource: win7-20221111-en)
Behavioral task: behavioral2 (Sample: TELEX_COPY.exe, Resource: win10v2004-20221111-en)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: svrvaad.tk
Port: 587
Username: logs@svrvaad.tk
Password: Kelechikelechi1@
Targets
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext