General
- Target: 29dde0c42e931658310ede756d477eea838ad95e75a7b589fe8393b0f30bbfa6
- Size: 818KB
- Sample: 231205-cvzrsagg71
- MD5: 3d96b5fa3d4aec629fc9eabc97d17b1a
- SHA1: bbf097eda548be4bb8f2e2ac440bfe0838ccce12
- SHA256: 29dde0c42e931658310ede756d477eea838ad95e75a7b589fe8393b0f30bbfa6
- SHA512: f19d6fc1786de14923596e7d8b51005e329d2bb72d4255bf7837063a34c46687dd8e25e8711d9aef32021f8dea157230428a196394569f9c286cdb4fca3d06ba
- SSDEEP: 12288:dWxr8tW8G34/uK45+po2yzBX2eln5gi+jiiUVxKfC3xFCLOzaMpsDiDfC7o+ncY0:mz34/up+pJ/elnD+ON4C/psDkq73dX
Static task: static1
Behavioral task: behavioral1
- Sample: 29dde0c42e931658310ede756d477eea838ad95e75a7b589fe8393b0f30bbfa6.exe
- Resource: win7-20231020-en
Behavioral task: behavioral2
- Sample: 29dde0c42e931658310ede756d477eea838ad95e75a7b589fe8393b0f30bbfa6.exe
- Resource: win10v2004-20231201-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.precise.co.in
- Port: 587
- Username: [email protected]
- Password: Singh@2022$
- Email To: [email protected]
Targets
- Target: 29dde0c42e931658310ede756d477eea838ad95e75a7b589fe8393b0f30bbfa6
- Size: 818KB
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Adds Run key to start application
- Suspicious use of SetThreadContext