General
Target: a5d50d0dd9ddcd2a0dfc27ff42a5bb13487b2c7b94087666fb5a16a0057b1549.7z
Size: 693KB
Sample: 231202-jgk5ssae98
MD5: c7980137b6979656fa31cf6cce3c715e
SHA1: 3c71737304fcf580263278940498bf019ea1a265
SHA256: a5d50d0dd9ddcd2a0dfc27ff42a5bb13487b2c7b94087666fb5a16a0057b1549
SHA512: 26c9d554a545b2261913f364437cec92f1754b2a4e880b34d94fcb9bfc60ae24114117cf25ffb445953af26ee408b40aed1e8a0bdc129f4cdc77d5529c827ab0
SSDEEP: 12288:uwQCqu8K4ujLCzwqKHJ6MSaGyAds1EDrHE+f3R/Ekao:VlT8LOSn21ArHbhnao
Static task: static1
Behavioral task: behavioral1
  Sample: Proforma Invoice - Well Ergon 16-09-2023.exe
  Resource: win7-20231023-en
Behavioral task: behavioral2
  Sample: Proforma Invoice - Well Ergon 16-09-2023.exe
  Resource: win10v2004-20231127-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: mail.bezzleauto.com
  Port: 587
  Username: [email protected]
  Password: kex#-rHjHM4qKk52
  Email To: [email protected]
Targets
Target: Proforma Invoice - Well Ergon 16-09-2023.exe
Size: 981KB
MD5: ff1eb59fead63e9e085cc141cfe2ea05
SHA1: f367f16f00b643194270fae417603025fd720a4e
SHA256: fa9768671a5cf88a6140c7dc6a4a23e428707e903640e66d7eab3fa7e0ba52e2
SHA512: 18befc027e7bce78743845becac2c97551e7b197a08cc59a1ffba032cff4259078c93f8e5da3d26a2b62656a7c5ec9a815219a20f4ea13241fa0bc24f2ef069d
SSDEEP: 12288:DsJ28iaLMu8KCzKXB/wqKFtAEJaGyrP11UFWopoxpgn2IyFqpXWr0EeS7J/P7r9O:D+2vaLP8v+lhj1UYei1q
Score: 10/10
Signatures:
  AgentTesla
    Agent Tesla is a remote access tool (RAT) written in Visual Basic.
  Checks computer location settings
    Looks up the country code configured in the registry, likely a geofence.
  Suspicious use of SetThreadContext