General
-
Target
d72880e84ee6adafc15282e19195ae20618c5655b89c3b25e677af86385982fd.7z
-
Size
605KB
-
Sample
231202-jg2sjsae9w
-
MD5
b82beeec5f7a3c6978d4432785cce7cf
-
SHA1
890bec626f4ce2e8978b2c4fc412700344327cd5
-
SHA256
d72880e84ee6adafc15282e19195ae20618c5655b89c3b25e677af86385982fd
-
SHA512
40a9ea4b13b34f4dd36ad20cf0a2fa36d6f36745059b357674492caadef2f8c94c6b518095f188cb7b8535659cc38307fab7504cc10856f6a784344dec87f040
-
SSDEEP
12288:qM9kBIwDGjRogx1JFoZXiF8D0w3Se7zJb+cguWZ5iCn4DbOG6hT:feIZug3JFoK4Secc7iiC42G6hT
Static task
static1
Behavioral task
behavioral1
Sample
123 WHL (ASA route) SSHAS0123860.exe
Resource
win7-20231130-en
Behavioral task
behavioral2
Sample
123 WHL (ASA route) SSHAS0123860.exe
Resource
win10v2004-20231127-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.dynamicconsultinglogistics.ma - Port:
587 - Username:
[email protected] - Password:
Laanaya@2022 - Email To:
[email protected]
Targets
-
-
Target
123 WHL (ASA route) SSHAS0123860.exe
-
Size
691KB
-
MD5
52092f980201ffce0352e5126ed0bf43
-
SHA1
919d960cad9c7495d253f741fe56000bfe11e938
-
SHA256
54aecbaf7821c0ee087cae191865a7df8b58408efbaec7b96b6b0dda54efd32f
-
SHA512
ed8aa398d970628d7e5d759f0567d778eafac99807a70dde406bc0ecd1a1f57c5f13cbb7655053bb088fe81ea0b337becd9b598be49a71fbddd343b9249ed705
-
SSDEEP
12288:fAcopox4QzSIGjRzgx1JtoZX8F8D0m3SqazJb+cgxWZqiwn4DbOKij:zeQSftg3Jto4eSqRcm/iw421
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-