General
-
Target
SecuriteInfo.com.Win32.MalwareX-gen.17658.11235.exe
-
Size
667KB
-
Sample
230526-nr9y5afg2x
-
MD5
d35f91fc0edf6749313afc728a62c794
-
SHA1
a8b1f5ecd119cdc606aa6c4539990313e741a1cc
-
SHA256
539b70f704ffff9cf973a032e01e39d31613a4ce7cd9939d84746d587d0a7ac9
-
SHA512
1715195a0361780bbc930552517cccb4daa61aad166e5b0a32a0757b95f669f0f37e3b841d6cf0ad029b0b0af14c53ea7b3443829155ea85a845aa35286b3346
-
SSDEEP
12288:bK17z5GoJiGaq5au4Btv5qGa6nrNk2OL8jcCUoeRXm7XXdezN:s5GoR5aJB55qGaok3L8ZUhtGXXdA
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Win32.MalwareX-gen.17658.11235.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Win32.MalwareX-gen.17658.11235.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: admin@nakheellandscapes.cf
Password: Brillium360@@
Email To: admin@nakheellandscapes.cf
Targets
-
Target
SecuriteInfo.com.Win32.MalwareX-gen.17658.11235.exe
-
Size
667KB
-
MD5
d35f91fc0edf6749313afc728a62c794
-
SHA1
a8b1f5ecd119cdc606aa6c4539990313e741a1cc
-
SHA256
539b70f704ffff9cf973a032e01e39d31613a4ce7cd9939d84746d587d0a7ac9
-
SHA512
1715195a0361780bbc930552517cccb4daa61aad166e5b0a32a0757b95f669f0f37e3b841d6cf0ad029b0b0af14c53ea7b3443829155ea85a845aa35286b3346
-
SSDEEP
12288:bK17z5GoJiGaq5au4Btv5qGa6nrNk2OL8jcCUoeRXm7XXdezN:s5GoR5aJB55qGaok3L8ZUhtGXXdA
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Checks computer location settings
Looks up the country code configured in the registry, likely a geofencing check.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-