General
  Target: file.exe
  Size: 1.1MB
  Sample: 230327-r36bvsdh72
  MD5: f8ce470d80b71f2872dd43b1733b5e70
  SHA1: 9323ed79ed557497192e6ebf687b9a59d8dc8cf2
  SHA256: adc0e74081dd6c507dda1fbf41a7b9a1386aa4ca58edf5bd0ce3743411b5bc79
  SHA512: 53aed151acc524237a427dd4e969f27d2d26759bec54af158a186564d846b10bd4d06b18d3cf3a049a3d031ccd294fb92eca11823b9352f97728362c8685c2a6
  SSDEEP: 12288:PAm9M526jqjr8bEmTBizx4zCy9feQsc78mabde119ebmiOZgIu0:PAeMRqjrm4zuzYc72bd+3eIu0
Static task
  static1

Behavioral task
  behavioral1
  Sample: file.exe
  Resource: win7-20230220-en

Behavioral task
  behavioral2
  Sample: file.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted
  agenttesla
  Protocol: smtp
  Host: us2.smtp.mailhostbox.com
  Port: 587
  Username: log3@forrwel.net
  Password: HNnNLPY3
  Email To: log3@forrwel.net
Targets
  Target: file.exe
  Size: 1.1MB
  MD5: f8ce470d80b71f2872dd43b1733b5e70
  SHA1: 9323ed79ed557497192e6ebf687b9a59d8dc8cf2
  SHA256: adc0e74081dd6c507dda1fbf41a7b9a1386aa4ca58edf5bd0ce3743411b5bc79
  SHA512: 53aed151acc524237a427dd4e969f27d2d26759bec54af158a186564d846b10bd4d06b18d3cf3a049a3d031ccd294fb92eca11823b9352f97728362c8685c2a6
  SSDEEP: 12288:PAm9M526jqjr8bEmTBizx4zCy9feQsc78mabde119ebmiOZgIu0:PAeMRqjrm4zuzYc72bd+3eIu0

  - AgentTesla
    Agent Tesla is a remote access tool (RAT) written in Visual Basic.
  - Checks computer location settings
    Looks up the country code configured in the registry, likely a geofence check.
  - Accesses Microsoft Outlook profiles
  - Suspicious use of SetThreadContext