General
- Target: 1eef9f1c50a5362d4ff555b6cc5bc5df.bin
- Size: 6KB
- Sample: 230920-bhcaaada7y
- MD5: 9aa0b3598b33f4fab63befd84a471068
- SHA1: 33f1f95707db536001a3b4ec9fb6499808e118f6
- SHA256: 82dbbd2e96ffda915fb24e4c4f74155bbe535df69ec59f2255fbe2744a0235fc
- SHA512: 94d91cdb2cad268144c7f3c9a3d8414bd32ef3d8bb9991b9897bf1e45dbd1365d8e8cb51af9b09d39148446a881dd54b86a178e5a89c1ec0c56ff931d76e4159
- SSDEEP: 192:zuiz6aO5Zvw11BymaA1HLOylgo8MTOyzy5OZp7Xdg9vd//:CiuaO5ZvwrBrZNOylg3KqONQx/
Static task
- static1

Behavioral task
- behavioral1
- Sample: 420a2c200fde9d62bc040616edd62949aec77d6e39bf864602f584792fc8e867.exe
- Resource: win7-20230831-en

Behavioral task
- behavioral2
- Sample: 420a2c200fde9d62bc040616edd62949aec77d6e39bf864602f584792fc8e867.exe
- Resource: win10v2004-20230915-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.mbarieservicesltd.com
- Port: 587
- Username: [email protected]
- Password: *o9H+18Q4%;M
- Email To: [email protected]
Targets
- Target: 420a2c200fde9d62bc040616edd62949aec77d6e39bf864602f584792fc8e867.exe
- Size: 12KB
- MD5: 1eef9f1c50a5362d4ff555b6cc5bc5df
- SHA1: caa4099e942052634cea6fc2866d9652f09cf546
- SHA256: 420a2c200fde9d62bc040616edd62949aec77d6e39bf864602f584792fc8e867
- SHA512: 56c41cf987ba22ddac2cac9ef10e3dbadf2abd99ca0ed3510883d532cc5d1625ce50426308b8e91bd20645e3812074b31b977976646d751621dd18a92b877218
- SSDEEP: 192:nlv0pHLdF1bvM+A4tLHwpTxHR95w0J1dZdckF+syKtieOv:d+Lxbk+A4tTyFSvsyuDO
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext