General
- Target: NEAS.7e5e3c49e0bcb2e16b86e870f591feca75b0d7007ed5851ecdfb70fa3d06976cexe_JC.exe
- Size: 678KB
- Sample: 231006-r2pmqadb51
- MD5: db82b1e54d378158c2873fd90f30880a
- SHA1: 75d28d710180b899847f35de4857952cde5d97ba
- SHA256: 7e5e3c49e0bcb2e16b86e870f591feca75b0d7007ed5851ecdfb70fa3d06976c
- SHA512: f9c8402cc418c9f9dbfec2b4ae6d5e583e2f89b4a663a079e2c2753b75cd54b553c1fb01b2e28f46661d69e7ba12e6f6b62edc0750bb92e6e9d14b7e2b5b84b8
- SSDEEP: 12288:2iMl/jysa+SRohg0KbwQZvwFRQkFvUPaIONAqptrBm1k5Bfa4SliEv3:kLysa+SKeBnMGkFmaISjI1kjfuBv
Tasks
- Static task: static1
- Behavioral task behavioral1: sample NEAS.7e5e3c49e0bcb2e16b86e870f591feca75b0d7007ed5851ecdfb70fa3d06976cexe_JC.exe, resource win7-20230831-en
- Behavioral task behavioral2: sample NEAS.7e5e3c49e0bcb2e16b86e870f591feca75b0d7007ed5851ecdfb70fa3d06976cexe_JC.exe, resource win10v2004-20230915-en
Malware Config
- Extracted family: agenttesla
- Extracted webhook URL: https://discordapp.com/api/webhooks/1151596988136181840/QdgulOKX9Onw_VaSQk6b3c5Sm7_Mt-0_huxqLUgO5ybBxQL_jiC6-2Afk2vAsJOZSANp
Targets
- Target: NEAS.7e5e3c49e0bcb2e16b86e870f591feca75b0d7007ed5851ecdfb70fa3d06976cexe_JC.exe (678KB; same MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings: looks up the country code configured in the registry, likely for geofencing.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext