General
-
Target
12fc2f335ac11e12f1a08f13228a46a8066316b5b14441273f5b63f3f0b9cb19
-
Size
613KB
-
Sample
231202-cxlmyahd9x
-
MD5
fa3cf078391592b49079ec3b0b16525a
-
SHA1
e6963585e9f900e7f0807c0b08f43e0059346dc8
-
SHA256
12fc2f335ac11e12f1a08f13228a46a8066316b5b14441273f5b63f3f0b9cb19
-
SHA512
72f20b0531446e5a5ba8a3f59f83429546687a909f7f56887221dc166b1301b4801e770fd0365c2f09bfd96c9b8ef7615b95fa32970588608b4c9933f8bd6787
-
SSDEEP
12288:7C72Cm0FxMSwD/N+0DZFmVT5uFM3FpE7uzJbdQw+WNTgsZWW:6YrrsVdpE7wdEsZ
Static task
static1
Behavioral task
behavioral1
Sample
12fc2f335ac11e12f1a08f13228a46a8066316b5b14441273f5b63f3f0b9cb19.exe
Resource
win7-20231201-en
Behavioral task
behavioral2
Sample
12fc2f335ac11e12f1a08f13228a46a8066316b5b14441273f5b63f3f0b9cb19.exe
Resource
win10v2004-20231127-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.goldeneaglelog.com.my - Port:
587 - Username:
[email protected] - Password:
Natikah93 - Email To:
[email protected]
Targets
-
-
Target
12fc2f335ac11e12f1a08f13228a46a8066316b5b14441273f5b63f3f0b9cb19
-
Size
613KB
-
MD5
fa3cf078391592b49079ec3b0b16525a
-
SHA1
e6963585e9f900e7f0807c0b08f43e0059346dc8
-
SHA256
12fc2f335ac11e12f1a08f13228a46a8066316b5b14441273f5b63f3f0b9cb19
-
SHA512
72f20b0531446e5a5ba8a3f59f83429546687a909f7f56887221dc166b1301b4801e770fd0365c2f09bfd96c9b8ef7615b95fa32970588608b4c9933f8bd6787
-
SSDEEP
12288:7C72Cm0FxMSwD/N+0DZFmVT5uFM3FpE7uzJbdQw+WNTgsZWW:6YrrsVdpE7wdEsZ
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-