General
-
Target
NEAS.fef0ad22b4d7cdca14fcd378769fe3f2787b10417d870b26d498654fc6f2866eexe_JC.exe
-
Size
449KB
-
Sample
231025-xfhvyaeh9x
-
MD5
167c7aa7add3af8ebab9c91b95df6ce7
-
SHA1
1602dd5362b3767d14a8d98264711a873b89f960
-
SHA256
fef0ad22b4d7cdca14fcd378769fe3f2787b10417d870b26d498654fc6f2866e
-
SHA512
2ec0b32a7217b4a9218865491b2c645efaf06859a89139e9ab70ed42f6549e8f1267df5c02d02e68b4cebee114e49e11cb9622d273977ccec121a6a092bfbbf5
-
SSDEEP
6144:Ax43uLzZRywJdHrxxatKZY7ZWo0Om/PoNUCAlFDGMCrjIP34ODoBEkXjUXe+LCBG:JuLFRyk9YKWYRFZCAlBGMCg34X2LC
Static task
static1
Behavioral task
behavioral1
Sample
NEAS.fef0ad22b4d7cdca14fcd378769fe3f2787b10417d870b26d498654fc6f2866eexe_JC.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
NEAS.fef0ad22b4d7cdca14fcd378769fe3f2787b10417d870b26d498654fc6f2866eexe_JC.exe
Resource
win10v2004-20231023-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.greebals.gr
Port: 587
Username: info@greebals.gr
Password: 2pvkb35mPGU#
Targets
-
-
Target
NEAS.fef0ad22b4d7cdca14fcd378769fe3f2787b10417d870b26d498654fc6f2866eexe_JC.exe
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-