General
- Target: TT Copy.exe
- Size: 795KB
- Sample: 230403-qbgzhsge6s
- MD5: feb570bffcd8d8ac2065edfa8117217c
- SHA1: 3eb75d1f94f1e219ee465e2726d49a315d5bba2c
- SHA256: fce3edc1cf76792c761a9acddd97fc3700db91a23926491cfb3e00ca4eea234a
- SHA512: a8ca50d842e9710f5e0252266a885581d33894adc2c44753a705eb5bb19bf372f0f94802cdf316702a46cea3964ad3bcb726586002d5b02db596c7645e3ea5bd
- SSDEEP: 12288:A7L5CBWKdq1FbwwJLwr3oJin2jmf4H2QjBJ6KTzbzWvkE+KTIN3VMkJkDPImZDO0:1frpcpjmfW6wzWkE7EMM
Static task: static1
Behavioral task: behavioral1
- Sample: TT Copy.exe
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: TT Copy.exe
- Resource: win10v2004-20230221-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.rapidcheckng.com
- Port: 587
- Username: [email protected]
- Password: @Rapidcheckng#
- Email To: [email protected]
Targets
- Target: TT Copy.exe
- Size: 795KB
- MD5: feb570bffcd8d8ac2065edfa8117217c
- SHA1: 3eb75d1f94f1e219ee465e2726d49a315d5bba2c
- SHA256: fce3edc1cf76792c761a9acddd97fc3700db91a23926491cfb3e00ca4eea234a
- SHA512: a8ca50d842e9710f5e0252266a885581d33894adc2c44753a705eb5bb19bf372f0f94802cdf316702a46cea3964ad3bcb726586002d5b02db596c7645e3ea5bd
- SSDEEP: 12288:A7L5CBWKdq1FbwwJLwr3oJin2jmf4H2QjBJ6KTzbzWvkE+KTIN3VMkJkDPImZDO0:1frpcpjmfW6wzWkE7EMM
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext