General
Target: efe39c5110b88d729074100bc89af380138174b641501f76eea1a8650ac88c8c.exe
Size: 683KB
Sample: 231202-lar1wabc3t
MD5: 55d2f33d2a5ead061c3a413cfc5f0e33
SHA1: b243632d63c020713b9fb52d27f938eb5cb95946
SHA256: efe39c5110b88d729074100bc89af380138174b641501f76eea1a8650ac88c8c
SHA512: 39878a22af39402be51bfd005e2e1c61b7ac88f8f9f355ec2172c86c6bb263043c0f076dafded97f2702a868983fa4a3b42d29434b60ee4f4c0e289de323d7c3
SSDEEP: 12288:dCOFJxI0vCos9XWW5jeU99ZwStmILE+zx7YRg1F:pFJlvWXR5jeUZm+VJ1
Static task: static1
Behavioral task: behavioral1
Sample: efe39c5110b88d729074100bc89af380138174b641501f76eea1a8650ac88c8c.exe
Resource: win7-20231023-en
Behavioral task: behavioral2
Sample: efe39c5110b88d729074100bc89af380138174b641501f76eea1a8650ac88c8c.exe
Resource: win10v2004-20231130-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.zqamcx.com
Port: 587
Username: [email protected]
Password: Anambraeast@123
Email To: [email protected]
Targets
Target: efe39c5110b88d729074100bc89af380138174b641501f76eea1a8650ac88c8c.exe
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
Suspicious use of SetThreadContext