General
- Target: 7b2828b96cdff5872a633a3d93651deb416049b563cff5323f12f0389240d94d
- Size: 716KB
- Sample: 231202-cs4yqahe24
- MD5: e21a0e94ecc680b663e411cff254080e
- SHA1: ad5ed75e5fd5d5beeb7892a0be3e3854554808d9
- SHA256: 7b2828b96cdff5872a633a3d93651deb416049b563cff5323f12f0389240d94d
- SHA512: 62e9b691935a4bb3edbb3c4fb2746d57d90dd0c584d923d25aaf1dd78d3a0e08de0e36e8b5af2fc13052b4112371a5356a0ed703f3b86ae15fd8eb1c1454e735
- SSDEEP: 12288:G4dIVT8zss3cQhDjBJ9g6CEtJMymAmBkh8PheCafZ2BP8rPI4K:G44TFyRjlbCEtqtTZPMvQ1h4
Tasks
- Static task: static1
- Behavioral task: behavioral1
  - Sample: 7b2828b96cdff5872a633a3d93651deb416049b563cff5323f12f0389240d94d.exe
  - Resource: win7-20231023-en
- Behavioral task: behavioral2
  - Sample: 7b2828b96cdff5872a633a3d93651deb416049b563cff5323f12f0389240d94d.exe
  - Resource: win10v2004-20231130-en
Malware Config
Extracted (agenttesla)
- Protocol: smtp
- Host: us2.smtp.mailhostbox.com
- Port: 587
- Username: [email protected]
- Password: nne dimma080
- Email To: [email protected]
Extracted
- Protocol: smtp
- Host: us2.smtp.mailhostbox.com
- Port: 587
- Username: [email protected]
- Password: nne dimma080
Targets
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Adds Run key to start application
- Suspicious use of SetThreadContext