General
-
Target
0b445847b8750637180e5c10be73bbb758082939394c3fd1ee2a2ea08d61e83d.exe
-
Size
647KB
-
Sample
231201-v9nl6sec62
-
MD5
c4a1c630b0f8185f81caeee3fb378744
-
SHA1
c57c38a18d2a349d621ab059c28f04ce68302d8c
-
SHA256
0b445847b8750637180e5c10be73bbb758082939394c3fd1ee2a2ea08d61e83d
-
SHA512
5470a96ebbb28efcb1959c0ff9a4a30f95f4e825de1fbe63797219465801eff6a2227baf476371c27ad8a52151cbf0060fc943a47626221959e26f01e870c34b
-
SSDEEP
12288:pHoZzsJ5QWsnm8O1OkfZFZllfvih/IpZAEbRCk9TN0IetKjWo7lb2SGopox:KJsdsPC9ZHfvihA//bRp9xFeAjWrXe
Static task
static1
Behavioral task
behavioral1
Sample
0b445847b8750637180e5c10be73bbb758082939394c3fd1ee2a2ea08d61e83d.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
0b445847b8750637180e5c10be73bbb758082939394c3fd1ee2a2ea08d61e83d.exe
Resource
win10v2004-20231127-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.iaa-airferight.com - Port:
587 - Username:
[email protected] - Password:
29ftOO+6H-ivsG5A - Email To:
[email protected]
Targets
-
-
Target
0b445847b8750637180e5c10be73bbb758082939394c3fd1ee2a2ea08d61e83d.exe
-
Size
647KB
-
MD5
c4a1c630b0f8185f81caeee3fb378744
-
SHA1
c57c38a18d2a349d621ab059c28f04ce68302d8c
-
SHA256
0b445847b8750637180e5c10be73bbb758082939394c3fd1ee2a2ea08d61e83d
-
SHA512
5470a96ebbb28efcb1959c0ff9a4a30f95f4e825de1fbe63797219465801eff6a2227baf476371c27ad8a52151cbf0060fc943a47626221959e26f01e870c34b
-
SSDEEP
12288:pHoZzsJ5QWsnm8O1OkfZFZllfvih/IpZAEbRCk9TN0IetKjWo7lb2SGopox:KJsdsPC9ZHfvihA//bRp9xFeAjWrXe
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-