General
Target: 9bafddfe8d6bb947e607bde84d0dcb1bdc89a38906ae7527355c22fd6f6f6954.exe
Size: 698 KB
Sample: 231201-ymzmpsfg88
MD5: 8442d222200b02627956d889f053d613
SHA1: 271768aa081d2c766525166336a67ba1472af0bd
SHA256: 9bafddfe8d6bb947e607bde84d0dcb1bdc89a38906ae7527355c22fd6f6f6954
SHA512: 87178a279e9311093cc0732d4a820db82e85881b17d99b6b1f94cd8e007fc4ec8254aa7b1df2f3ad871f32b391bd8e420c409515f13d1ec761b5de0c26e74e05
SSDEEP: 12288:/Ncopox4SBj/3sUJwj+E+FqXKFqGXG0u30NCL6bAle9Elzgss7:uemp/cUJ4+/YXWlub/laJ
Static task: static1
Behavioral task: behavioral1
  Sample: 9bafddfe8d6bb947e607bde84d0dcb1bdc89a38906ae7527355c22fd6f6f6954.exe
  Resource: win7-20231023-en
Behavioral task: behavioral2
  Sample: 9bafddfe8d6bb947e607bde84d0dcb1bdc89a38906ae7527355c22fd6f6f6954.exe
  Resource: win10v2004-20231127-en
Malware Config
Extracted (agenttesla)
  Protocol: smtp
  Host: zqamcx.com
  Port: 587
  Username: [email protected] (address not shown on the page)
  Password: Anambraeast@2023
  Email To: [email protected] (address not shown on the page)
Extracted (same sample, second extraction; no recipient field)
  Protocol: smtp
  Host: zqamcx.com
  Port: 587
  Username: [email protected] (address not shown on the page)
  Password: Anambraeast@2023
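The extracted config is the sample's exfiltration channel: stolen credentials and keystrokes are mailed through the operator's SMTP account on zqamcx.com:587. The script below, an added example that is not part of the sandbox report or of the malware, parses the config exactly as the page lays it out (including the second extraction that has no "Email To" field, and the redacted e-mail addresses, which are left as-is) and then checks a log of outbound connections for contact with the configured mail server. The connection log lines are constructed for illustration; the field names and log format are assumptions, not sandbox output.

```python
"""Turn the Agent Tesla SMTP config extracted by the sandbox into indicators and
check outbound connection logs against them.

Added example for this report, not code from the sandbox or from the malware.
The config text is copied from the report (e-mail addresses are redacted there
and stay redacted); the connection log lines are constructed for illustration.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Config text exactly as the report lays it out: keys and values run together
# across line breaks, separated by " - ".
REPORT_CONFIG = """Protocol: smtp- Host:
zqamcx.com - Port:
587 - Username:
[email protected] - Password:
Anambraeast@2023 - Email To:
[email protected]"""

# Second extraction from the same sample: identical credentials, no "Email To".
REPORT_CONFIG_NO_RECIPIENT = """Protocol: smtp- Host:
zqamcx.com - Port:
587 - Username:
[email protected] - Password:
Anambraeast@2023"""


@dataclass(frozen=True)
class SmtpExfilConfig:
    protocol: str
    host: str
    port: int
    username: str
    password: str
    email_to: Optional[str]  # absent in one of the two extractions


# Field names used by the report; the colon must follow immediately, so "Port:"
# never matches inside "Protocol:".
KEY_RE = re.compile(r"\b(Protocol|Host|Port|Username|Password|Email To):\s*")


def parse_config(text: str) -> SmtpExfilConfig:
    """Parse the report's flattened "Key: value - Key: value" layout."""
    flat = " ".join(text.split())          # undo the page's line breaks
    parts = KEY_RE.split(flat)             # ['', 'Protocol', 'smtp- ', 'Host', ...]
    fields = {}
    for key, raw in zip(parts[1::2], parts[2::2]):
        # Strip the " - " separator that trails every value but the last
        # ("smtp- " has no space before its dash, hence strip twice).
        fields[key] = raw.strip().rstrip("-").strip()
    return SmtpExfilConfig(
        protocol=fields["Protocol"].lower(),
        host=fields["Host"].lower(),
        port=int(fields["Port"]),
        username=fields["Username"],
        password=fields["Password"],
        email_to=fields.get("Email To"),
    )


# Constructed outbound-connection log (assumed format, not sandbox output):
# "<timestamp> <src_ip> -> <dst_host>:<dst_port> <proto>".
CONN_LOG = [
    "2023-12-01T09:14:02Z 10.0.0.15 -> update.microsoft.com:443 tcp",
    "2023-12-01T09:14:05Z 10.0.0.15 -> zqamcx.com:587 tcp",
    "2023-12-01T09:14:09Z 10.0.0.22 -> mail.example.org:587 tcp",
    "2023-12-01T09:15:41Z 10.0.0.15 -> ZQAMCX.COM:465 tcp",
]
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) -> (?P<dst>[^:\s]+):(?P<dport>\d+) (?P<proto>\S+)$"
)


def find_exfil_connections(
    lines: List[str], cfg: SmtpExfilConfig
) -> List[Tuple[str, str, int, bool]]:
    """Return (timestamp, src_ip, dst_port, port_matches_config) for every
    connection to the configured exfiltration host.

    Matching is on the host alone: operators rotate the SMTP port (587/465/25)
    far more often than the mail server, so a host+port rule would miss the
    465 connection in the constructed log above. Unparseable lines are skipped.
    """
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m is None or m["dst"].lower() != cfg.host:
            continue
        dport = int(m["dport"])
        hits.append((m["ts"], m["src"], dport, dport == cfg.port))
    return hits


if __name__ == "__main__":
    cfg = parse_config(REPORT_CONFIG)
    print(f"exfil server: {cfg.host}:{cfg.port} ({cfg.protocol}), user {cfg.username}")
    for ts, src, dport, exact in find_exfil_connections(CONN_LOG, cfg):
        note = "" if exact else " (non-default port)"
        print(f"{ts} {src} -> {cfg.host}:{dport}{note}")
```

Two of the four constructed connections are flagged, both from 10.0.0.15: the expected 587 session and a second one on 465 that a host+port rule would have missed. In a real deployment the same host would also be fed to DNS and proxy logs, since the sample resolves the name before it connects.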
Targets
Target: 9bafddfe8d6bb947e607bde84d0dcb1bdc89a38906ae7527355c22fd6f6f6954.exe
Size: 698 KB
MD5: 8442d222200b02627956d889f053d613
SHA1: 271768aa081d2c766525166336a67ba1472af0bd
SHA256: 9bafddfe8d6bb947e607bde84d0dcb1bdc89a38906ae7527355c22fd6f6f6954
SHA512: 87178a279e9311093cc0732d4a820db82e85881b17d99b6b1f94cd8e007fc4ec8254aa7b1df2f3ad871f32b391bd8e420c409515f13d1ec761b5de0c26e74e05
SSDEEP: 12288:/Ncopox4SBj/3sUJwj+E+FqXKFqGXG0u30NCL6bAle9Elzgss7:uemp/cUJ4+/YXWlub/laJ
Score: 10/10
AgentTesla
  Agent Tesla is a .NET-based remote access tool (RAT) and information stealer (reported as written in Visual Basic .NET); the SMTP credentials in the extracted config above are the channel it uses to mail out stolen data.
Checks computer location settings
  Looks up the country code configured in the registry (the GeoID under HKCU\Control Panel\International\Geo), likely as a geofence so the sample does not run in certain countries.
Suspicious use of SetThreadContext
  SetThreadContext is used to redirect a thread's execution, typically after writing code into another process (process hollowing or thread hijacking). On its own it is an indicator of injection, not proof; the report does not identify a target process.