General
Target: 506acfc8470cafd586c92601b39e4c6993d78c57da5d68740afaee1959681dcb
Size: 925KB
Sample: 231202-cm59lahd6t
MD5: 4df93d338035c6e7d9b2b17c0e38ca26
SHA1: 107c8691d7483f3a1c3f1d0628ff7cb7c5ce07e5
SHA256: 506acfc8470cafd586c92601b39e4c6993d78c57da5d68740afaee1959681dcb
SHA512: e829986ab8bb4ea5a979e35cca217fb1e40e6cd4f205dc42b91d015f88bd798e3436b374c51f4ce7adbe5c4d3cc42456d00cf1c9762cd8234986030561ad93d1
SSDEEP: 12288:2vNIAMRwaeCuGyPGoOz8dcn39o3l5LEmos8x93nT6WP7r9r/+ppppppppppppppZ:6/bCFy6NCgx393+W1q
Static task: static1
Behavioral task: behavioral1
  Sample: 506acfc8470cafd586c92601b39e4c6993d78c57da5d68740afaee1959681dcb.exe
  Resource: win7-20231130-en
Behavioral task: behavioral2
  Sample: 506acfc8470cafd586c92601b39e4c6993d78c57da5d68740afaee1959681dcb.exe
  Resource: win10v2004-20231201-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.iaa-airferight.com
Port: 587
Username: [email protected]
Password: 29ftOO+6H-ivsG5A
Email To: [email protected]
Targets
Target: 506acfc8470cafd586c92601b39e4c6993d78c57da5d68740afaee1959681dcb
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
Suspicious use of SetThreadContext