General
Target: SecuriteInfo.com.Trojan.PackedNET.1995.9835.24201.exe
Size: 670KB
Sample: 231202-j6pjhsag7v
MD5: c1b548a7ac2b3850ea4482d07eefd364
SHA1: f4de4836ad0e2f6a13193adf00cf45788e89fd16
SHA256: 278fe6cf80d27a70d639d6f159ad63fdc5c4af62c358cd53d379d0005dc19f62
SHA512: 06454c7af52ebb172fdb3f887143d7e4e3ca7cb8b8516bdda7c4c197d4e9da04860ce02bf24ac04f6e61b72b5d13051931f99bf6b36533dcc3ac8d20d62c6f4b
SSDEEP: 12288:UbjIdgMmCtakk7hDz0wQSfhYI7ZMy0iy4iLmRrJilSEgI0eSSejYbso:UbogMfvklzQSZYI7N0iCKl6SE10ae
Static task: static1
Behavioral task: behavioral1
  Sample: SecuriteInfo.com.Trojan.PackedNET.1995.9835.24201.exe
  Resource: win7-20231201-en
Behavioral task: behavioral2
  Sample: SecuriteInfo.com.Trojan.PackedNET.1995.9835.24201.exe
  Resource: win10v2004-20231130-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.mgsales.net
Port: 587
Username: [email protected]
Password: .L&tA{$_f4+t
Email To: [email protected]
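The extracted config above is the actionable part of this report: the sample's stolen data leaves the host as mail sent through mail.mgsales.net on TCP 587 using the listed mailbox credentials. The following Python is an added example (not part of the sandbox output) that parses the config into a typed record, derives network indicators from it, and checks connection-log records against them. The log format, the source IPs and every hostname other than mail.mgsales.net are constructed for the demonstration; `parse_config`, `indicators` and `scan_conn_log` are illustrative helper names; the mailbox addresses are kept exactly as the page shows them.

```python
"""Turn the AgentTesla SMTP exfiltration config into indicators and check
connection-log records against them.

Added example for this report page, not sandbox output. Everything except
the host mail.mgsales.net and port 587 is constructed for the demonstration.
"""
import re
from dataclasses import dataclass

# The extracted config, as reported above, in "Key: value" form.
# The mailbox names appear on the page as "[email protected]" and are kept as-is.
AGENTTESLA_CONFIG = """\
Protocol: smtp
Host: mail.mgsales.net
Port: 587
Username: [email protected]
Password: .L&tA{$_f4+t
Email To: [email protected]
"""


@dataclass
class SmtpExfilConfig:
    protocol: str
    host: str
    port: int
    username: str
    password: str
    email_to: str


def parse_config(text: str) -> SmtpExfilConfig:
    """Parse the flat "Key: value" block into a typed record.

    Only the first ':' on a line is a separator, so passwords containing ':'
    survive intact.
    """
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue
        fields[key.strip().lower().replace(" ", "_")] = value.strip()
    return SmtpExfilConfig(
        protocol=fields["protocol"].lower(),
        host=fields["host"].lower(),
        port=int(fields["port"]),
        username=fields["username"],
        password=fields["password"],
        email_to=fields["email_to"],
    )


def indicators(cfg: SmtpExfilConfig) -> dict:
    """Network indicators worth alerting on: the exfil mail host and host:port pair."""
    return {"hosts": {cfg.host}, "endpoints": {(cfg.host, cfg.port)}}


# Constructed connection records: ts, src_ip, dst_host (from DNS or SNI), dst_port, proto.
SAMPLE_CONN_LOG = """\
2023-12-02T10:15:01Z 10.0.0.12 mail.mgsales.net 587 tcp
2023-12-02T10:15:03Z 10.0.0.12 update.example-corp.local 443 tcp
2023-12-02T10:16:40Z 10.0.0.31 MAIL.MGSALES.NET 587 tcp
2023-12-02T10:17:02Z 10.0.0.31 smtp.corp-mail.local 587 tcp
2023-12-02T10:18:11Z 10.0.0.44 mail.mgsales.net 443 tcp
"""

CONN_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s+(\S+)$")


def scan_conn_log(log_text: str, cfg: SmtpExfilConfig) -> list:
    """Return (timestamp, src_ip, reason) for each record touching the exfil infrastructure.

    Hostnames are lowercased before comparison so a DNS answer or SNI value
    logged in a different case still matches. A hit on the exfil host on some
    other port is reported separately, since it may be a scanner, a sinkhole
    check, or a variant with a different config.
    """
    ioc = indicators(cfg)
    hits = []
    for line in log_text.splitlines():
        m = CONN_RE.match(line)
        if not m:
            continue
        ts, src, dst_host, dst_port, _proto = m.groups()
        dst_host = dst_host.lower()
        if (dst_host, int(dst_port)) in ioc["endpoints"]:
            hits.append((ts, src, f"smtp exfil endpoint {dst_host}:{dst_port}"))
        elif dst_host in ioc["hosts"]:
            hits.append((ts, src, f"exfil mail host {dst_host} on unexpected port {dst_port}"))
    return hits


if __name__ == "__main__":
    cfg = parse_config(AGENTTESLA_CONFIG)
    for hit in scan_conn_log(SAMPLE_CONN_LOG, cfg):
        print(*hit)
```

Two of the three flagged sources (10.0.0.12 and 10.0.0.31) connect to the exact host:port pair from the config; the third (10.0.0.44) reaches the same host on 443 and is reported with a different reason so an analyst can triage it separately. The mailbox credentials themselves are a second indicator: the same username appearing in SMTP AUTH logs from any internal host is a stronger signal than the destination alone.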
Targets
Target: SecuriteInfo.com.Trojan.PackedNET.1995.9835.24201.exe
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) and credential stealer written in .NET (Visual Basic); the extracted config above shows this sample configured to exfiltrate over SMTP.
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check so the sample can behave differently or exit in certain regions.
Suspicious use of SetThreadContext
Setting another thread's context is a common step in process hollowing and similar code-injection techniques, where execution of a suspended process is redirected into injected code.