General
- Target: 34f098cea1c9091d52f961989d8953f26c29ed3601cfde1b2c262c1c760ccdeb.exe
- Size: 941KB
- Sample: 221208-p2yjhsaa65
- MD5: 2466ef10dba43064ff43bb3561a334f3
- SHA1: eed7e44801dd572cf9dcebfbdef45917d9011c13
- SHA256: 34f098cea1c9091d52f961989d8953f26c29ed3601cfde1b2c262c1c760ccdeb
- SHA512: 94cd941d9d98f302cbe2d2483e1961ba3c5960c6e554f8c825a225ac30d4cbf8ef40b92f5cf28078974a2da80f166154e1f937d8eaa5cd80e2726548983077ac
- SSDEEP: 12288:MEgh/PsZ1DX/VDJsW0xHqKZ8re/Jm/mjDzxACZEtUEUx31XQKclqzAaPVBP7r9ry:MEgh/PTW0xHq08re8O7KCF1Qj2Pz1q
Static task
- static1
Behavioral tasks
- behavioral1: 34f098cea1c9091d52f961989d8953f26c29ed3601cfde1b2c262c1c760ccdeb.exe, resource win7-20220812-en
- behavioral2: 34f098cea1c9091d52f961989d8953f26c29ed3601cfde1b2c262c1c760ccdeb.exe, resource win10v2004-20220901-en
Malware Config
Extracted
- Family: agenttesla
- Protocol: smtp
- Host: mail.palumalimited.com
- Port: 587
- Username: novlove@palumalimited.com
- Password: 85h!UAfvL2AE
- Email To: mullarred@gmail.com
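The extracted config above is the most actionable part of this report: the SMTP mailbox is where the stealer sends harvested credentials, so its host, sender and recipient are the indicators to hunt for in mail logs. The script below is an added example, not part of the original report or of any sandbox tooling. It parses the flattened config block exactly as it appears on this page (including the dash glued to "smtp-"), turns it into a structured record and a password-free IOC set, and runs those IOCs over a few constructed Zeek-style smtp.log rows. The log rows, their column layout and the IP 203.0.113.5 standing in for the unresolved C2 host are all constructed for illustration; the field names come from the page.

```python
"""Parse the extracted AgentTesla SMTP config into IOCs and hunt for them in
SMTP logs. Added example; RAW_CONFIG mirrors the page's config block,
SAMPLE_SMTP_LOG and its addresses are constructed."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed input: the config block as the page renders it, dashes and all.
RAW_CONFIG = """agenttesla
Protocol: smtp- Host:
mail.palumalimited.com - Port:
587 - Username:
novlove@palumalimited.com - Password:
85h!UAfvL2AE - Email To:
mullarred@gmail.com"""

# Field names the sandbox emits for the AgentTesla SMTP variant (from the page).
KNOWN_KEYS = ("Protocol", "Host", "Port", "Username", "Password", "Email To")
_KEY_RE = re.compile(r"(" + "|".join(re.escape(k) for k in KNOWN_KEYS) + r"):")


@dataclass(frozen=True)
class AgentTeslaSmtpConfig:
    family: str
    protocol: str
    host: str
    port: int
    username: str
    password: str
    email_to: str


def parse_config(raw: str) -> AgentTeslaSmtpConfig:
    """Rebuild key/value pairs from the flattened block.

    The page joins fields with ' - ' and sometimes glues the dash to the value
    ('smtp- Host:'), so we split on the known key names, not on the dash.
    A value that itself ends in '-' would lose that character; none here do.
    """
    lines = [line.strip() for line in raw.strip().splitlines()]
    family, body = lines[0], " ".join(lines[1:])
    parts = _KEY_RE.split(body)  # ['', 'Protocol', ' smtp- ', 'Host', ...]
    fields = {}
    for key, value in zip(parts[1::2], parts[2::2]):
        fields[key] = value.strip().rstrip("-").strip()
    missing = [k for k in KNOWN_KEYS if k not in fields]
    if missing:
        raise ValueError(f"config block missing fields: {missing}")
    return AgentTeslaSmtpConfig(
        family=family,
        protocol=fields["Protocol"].lower(),
        host=fields["Host"].lower(),
        port=int(fields["Port"]),
        username=fields["Username"],
        password=fields["Password"],
        email_to=fields["Email To"],
    )


def iocs(cfg: AgentTeslaSmtpConfig) -> dict[str, str | int]:
    """Network-observable indicators. The password is deliberately left out so
    this dict can be handed to a SOC without spreading the mailbox credential."""
    sender = cfg.username.lower()
    return {
        "c2_host": cfg.host,
        "c2_port": cfg.port,
        "exfil_sender": sender,
        "exfil_sender_domain": sender.rsplit("@", 1)[-1],
        "exfil_recipient": cfg.email_to.lower(),
    }


# Constructed Zeek-style smtp.log rows (tab-separated):
# ts, id.orig_h, id.resp_h, id.resp_p, mailfrom, rcptto.
# 203.0.113.5 is a documentation address standing in for the C2 host's IP,
# which the report does not give.
SAMPLE_SMTP_LOG = """1670510000.1\t10.0.0.12\t203.0.113.5\t587\tnovlove@palumalimited.com\tmullarred@gmail.com
1670510010.2\t10.0.0.20\t198.51.100.9\t25\talice@example.org\tbob@example.org
1670510020.3\t10.0.0.12\t203.0.113.5\t587\tNovLove@palumalimited.com\tmullarred@gmail.com"""


def match_smtp_log(log: str, cfg: AgentTeslaSmtpConfig) -> list[dict[str, str]]:
    """Flag rows whose sender or recipient is the exfil mailbox.

    Matching on addresses (case-insensitively) rather than on the port also
    catches the same account used over 25/465; the port is only reported.
    """
    ind = iocs(cfg)
    hits = []
    for row in log.splitlines():
        ts, orig, resp, port, mailfrom, rcptto = row.split("\t")
        if mailfrom.lower() == ind["exfil_sender"] or rcptto.lower() == ind["exfil_recipient"]:
            hits.append({"ts": ts, "src": orig, "dst": f"{resp}:{port}",
                         "mailfrom": mailfrom, "rcptto": rcptto})
    return hits


if __name__ == "__main__":
    cfg = parse_config(RAW_CONFIG)
    print(iocs(cfg))
    for hit in match_smtp_log(SAMPLE_SMTP_LOG, cfg):
        print("possible exfil:", hit)
```

Two design points: the parser keys on the field names rather than the " - " separator because the page itself shows the separator is not reliably spaced, and the IOC set omits the password on purpose, since the credential is only useful for abuse of the attacker's mailbox and should not travel with the indicators.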
Targets
- Target: 34f098cea1c9091d52f961989d8953f26c29ed3601cfde1b2c262c1c760ccdeb.exe
- Size: 941KB
- MD5, SHA1, SHA256, SHA512, SSDEEP: as listed under General
- AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer; the SMTP exfiltration settings recovered from this sample are listed under Malware Config.
- Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
Outlook profile data held in the registry includes saved mail account credentials, a standard target for credential theft.
- Adds Run key to start application
Registers the executable under a Run key so it is launched at logon (persistence).
- Suspicious use of SetThreadContext
SetThreadContext is commonly used in process hollowing to redirect a suspended process's thread into an injected payload.