General
Target: 02084499.exe
Size: 768KB
Sample: 230614-pc8m7agg8y
MD5: 1254520bdcfe7dd96d9378aba95656e5
SHA1: 55d31bae2143de44cb8fb2fcfa7745f2c8da042c
SHA256: b8192f1fec7d9734eaa25fcb5a51e7b38ac904c4e3b6db13373e028496f5ea9f
SHA512: ba6a91487e8637ce191c0c9550c6c0291d6efce64b08f1d91c7cad0980f783e0c606ae4af09df27ab4e7fd9fd021c46f61c355a7c5734a9755bf17ec75d5b490
SSDEEP: 12288:+bLXAndxtHYn8OvvC3kgn/yxPSTs9QlreP7TPsD4TYN2/WEXqXdVi:WcnpHhcwXyxS3lqP3U40cu4qXdVi
Static task: static1
Behavioral task: behavioral1
  Sample: 02084499.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: 02084499.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.keefort.com.ec
Port: 587
Username: [email protected]
Password: u=Wa6eChU3nj
Email To: [email protected]
Targets
Target: 02084499.exe
AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext