General
- Target: 1668fa70cde6e9a1376528c23e8d4fecc9267ae0473963ec8126e4836a7855d3.exe
- Size: 841KB
- Sample: 221208-n6xbksch4z
- MD5: 9ae56d69920ad0f86e565db4c1be538f
- SHA1: e02013cfe11f61d5490d7cd080da03bf662fb489
- SHA256: 1668fa70cde6e9a1376528c23e8d4fecc9267ae0473963ec8126e4836a7855d3
- SHA512: 551d70df92e19fdcf064e104cde150ebf17468a3bc5929ab653dbd8ad9ddef3c6242f13549161bcb0f227344fe83539c37a3eac59a5fed5144ce7bd6c905a85b
- SSDEEP: 24576:sNABfegjab/IprMPJ6yIIwBvBWB4DhCA:sNAVab/ISPIIwjrs
Static task
- static1

Behavioral task
- behavioral1
- Sample: 1668fa70cde6e9a1376528c23e8d4fecc9267ae0473963ec8126e4836a7855d3.exe
- Resource: win7-20220901-en

Behavioral task
- behavioral2
- Sample: 1668fa70cde6e9a1376528c23e8d4fecc9267ae0473963ec8126e4836a7855d3.exe
- Resource: win10v2004-20220901-en
Malware Config
Extracted
- Family: agenttesla
- Protocol: ftp
- Host: ftp://ftp.symmdentaesthetics.com/
- Port: 21
- Username: mob@symmdentaesthetics.com
- Password: mobility
Targets
- Target: 1668fa70cde6e9a1376528c23e8d4fecc9267ae0473963ec8126e4836a7855d3.exe
- Size: 841KB
- MD5: 9ae56d69920ad0f86e565db4c1be538f
- SHA1: e02013cfe11f61d5490d7cd080da03bf662fb489
- SHA256: 1668fa70cde6e9a1376528c23e8d4fecc9267ae0473963ec8126e4836a7855d3
- SHA512: 551d70df92e19fdcf064e104cde150ebf17468a3bc5929ab653dbd8ad9ddef3c6242f13549161bcb0f227344fe83539c37a3eac59a5fed5144ce7bd6c905a85b
- SSDEEP: 24576:sNABfegjab/IprMPJ6yIIwBvBWB4DhCA:sNAVab/ISPIIwjrs
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext