General
-
Target
eb6cc1987627340fcb7ba34ebad9174a770e28f43ae5b6eae6270f197d0a7e10
-
Size
784KB
-
Sample
231202-ce4e2ahd3s
-
MD5
36c3e031bafb66e40a1291ea6fce0e72
-
SHA1
f789f2e93c889ce67b272b83b8d0b5fb83a0dc04
-
SHA256
eb6cc1987627340fcb7ba34ebad9174a770e28f43ae5b6eae6270f197d0a7e10
-
SHA512
621a7a5c3ab1b0d298b329be2e0bbb6918e50d64578adc761572af880fd969cd5afc0c9dab3cce7b42c0a4a97be9984ce9af5c85e677e8932f83d107c70ddd89
-
SSDEEP
12288:oNLIWyVyBY3/yW2r7gKw1lEOb969zpZAUsXoiMnf1NuxyvKXZazFr:oNjed3qDrMlEQQ9zdsUNuxIYZq
Static task
static1
Behavioral task
behavioral1
Sample
eb6cc1987627340fcb7ba34ebad9174a770e28f43ae5b6eae6270f197d0a7e10.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
eb6cc1987627340fcb7ba34ebad9174a770e28f43ae5b6eae6270f197d0a7e10.exe
Resource
win10v2004-20231130-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.mailo.com - Port:
587 - Username:
[email protected] - Password:
Jesus234 - Email To:
[email protected]
Targets
-
-
Target
eb6cc1987627340fcb7ba34ebad9174a770e28f43ae5b6eae6270f197d0a7e10
-
Size
784KB
-
MD5
36c3e031bafb66e40a1291ea6fce0e72
-
SHA1
f789f2e93c889ce67b272b83b8d0b5fb83a0dc04
-
SHA256
eb6cc1987627340fcb7ba34ebad9174a770e28f43ae5b6eae6270f197d0a7e10
-
SHA512
621a7a5c3ab1b0d298b329be2e0bbb6918e50d64578adc761572af880fd969cd5afc0c9dab3cce7b42c0a4a97be9984ce9af5c85e677e8932f83d107c70ddd89
-
SSDEEP
12288:oNLIWyVyBY3/yW2r7gKw1lEOb969zpZAUsXoiMnf1NuxyvKXZazFr:oNjed3qDrMlEQQ9zdsUNuxIYZq
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-