General

Target: 48dd86811e1f1141a201935380a3f2319c4100098ac654465c755ded168beedf
Size: 676KB
Sample: 231202-cxh7tahd9w
MD5: abb70dd8e01b89abb8c249de5282023b
SHA1: 2fcca1ff3c2c6f110f4db2cf9893025c2521821c
SHA256: 48dd86811e1f1141a201935380a3f2319c4100098ac654465c755ded168beedf
SHA512: e1ad0dc5a87999a2e24ff085bce114ada642bc0c933a4e89cf1a64caabe1d5c447c59048c89f5aee0cba95c4c57453b8c7e0a91084c6d09e9ef9f406cda27e6d
SSDEEP: 12288:eCj/JJIx5SiV5d4cSFdH7ZDNsed4ydZNGgwhm/biEuTaoDDryg:f/Js5SIdSFdbhNFNBwhksLDDWg
Static task: static1

Behavioral task: behavioral1
  Sample: 48dd86811e1f1141a201935380a3f2319c4100098ac654465c755ded168beedf.exe
  Resource: win7-20231130-en

Behavioral task: behavioral2
  Sample: 48dd86811e1f1141a201935380a3f2319c4100098ac654465c755ded168beedf.exe
  Resource: win10v2004-20231127-en
Malware Config

Extracted: agenttesla
  Protocol: smtp
  Host: mail.consultoraosp.com.ar
  Port: 587
  Username: [email protected]
  Password: mariana2023
  Email To: [email protected]
Targets

Target: 48dd86811e1f1141a201935380a3f2319c4100098ac654465c755ded168beedf
Score: 10/10

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence.

Suspicious use of SetThreadContext