General

Target: 9781aeef25933b2e60e350f984a7a06c916e9ce6e5ca2a38d2d3dd752357ae94
Size: 813KB
Sample: 231202-crhdbshd96
MD5: be3988bbf70d69b9d73d74bfcc8fb164
SHA1: 271f55af9cfa8b4bd0b3469940bd7722f2579555
SHA256: 9781aeef25933b2e60e350f984a7a06c916e9ce6e5ca2a38d2d3dd752357ae94
SHA512: 0288f4daf6239703ef7af17c549786bc14f6999f2559644c5f5668be3557fa4b5d0230bdaa69f4dc8a75f3111654dbe9897d778e8bfb3298e6c01159dd5660aa
SSDEEP: 12288:I9dILurOuKPQq3FUJQrGvZ1gSAEfBMdlQduRTg6Z/4eb3TSGhgoFJ2W:I9ZrByFMdvZr5fiRTg9q3ThgA
Static task: static1

Behavioral task: behavioral1
Sample: 9781aeef25933b2e60e350f984a7a06c916e9ce6e5ca2a38d2d3dd752357ae94.exe
Resource: win7-20231129-en

Behavioral task: behavioral2
Sample: 9781aeef25933b2e60e350f984a7a06c916e9ce6e5ca2a38d2d3dd752357ae94.exe
Resource: win10v2004-20231130-en
Malware Config

Extracted
Protocol: smtp
Host: mail.defalife.com.tr
Port: 587
Username: [email protected]
Password: Defalife.124578

Extracted (agenttesla)
Protocol: smtp
Host: mail.defalife.com.tr
Port: 587
Username: [email protected]
Password: Defalife.124578
Email To: [email protected]
Targets

Target: 9781aeef25933b2e60e350f984a7a06c916e9ce6e5ca2a38d2d3dd752357ae94
Score: 10/10

Signatures

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.

Suspicious use of SetThreadContext