General
-
Target
Statement-1000276262.exe
-
Size
627KB
-
Sample
231204-rarm1abf77
-
MD5
e22092a033f807630b0c75a40e158714
-
SHA1
52de61c5707247eed38c62e05f97ff5dafc36e27
-
SHA256
5ce3eab6d2f6dce6ed4e7be3a397250f8489f0083c825f9f2dce0730525ec0d5
-
SHA512
a55b5dbe41f72ec3d0cb9331e162e939b66e337681165a064bfb9e774bda18fb9be6f8acec3b9a5eb0d4d1830d3887930c4ed05154266b7c2b38b8dd710a5fd0
-
SSDEEP
12288:945+po2lOfDtbNH0d1TJzIYap+n332E+Cspo+W0wqCcbuU/2gi3GiIehZCkXy0S:o+pJlOBhHajzIYapY2V15W0wqCcao2N
Static task
static1
Behavioral task
behavioral1
Sample
Statement-1000276262.exe
Resource
win7-20231130-en
Behavioral task
behavioral2
Sample
Statement-1000276262.exe
Resource
win10v2004-20231130-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
us2.smtp.mailhostbox.com - Port:
587 - Username:
[email protected] - Password:
oCTLrCY2 - Email To:
[email protected]
Targets
-
-
Target
Statement-1000276262.exe
-
Size
627KB
-
MD5
e22092a033f807630b0c75a40e158714
-
SHA1
52de61c5707247eed38c62e05f97ff5dafc36e27
-
SHA256
5ce3eab6d2f6dce6ed4e7be3a397250f8489f0083c825f9f2dce0730525ec0d5
-
SHA512
a55b5dbe41f72ec3d0cb9331e162e939b66e337681165a064bfb9e774bda18fb9be6f8acec3b9a5eb0d4d1830d3887930c4ed05154266b7c2b38b8dd710a5fd0
-
SSDEEP
12288:945+po2lOfDtbNH0d1TJzIYap+n332E+Cspo+W0wqCcbuU/2gi3GiIehZCkXy0S:o+pJlOBhHajzIYapY2V15W0wqCcao2N
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-