General
-
Target
7f2bd5ae74aa8c987865c6e8e2ba9f92b6cd157cf285c6f545755bc7158b2cef
-
Size
679KB
-
Sample
231205-dh6v1ahc74
-
MD5
143bcd7eedd7bba4d27a270b7e3710f0
-
SHA1
0ca36b8a46dbaa099d75e2a9ff5aadffd7924f07
-
SHA256
7f2bd5ae74aa8c987865c6e8e2ba9f92b6cd157cf285c6f545755bc7158b2cef
-
SHA512
b6ab3b6105b9d35d8b12dcb7a392b7b8334f66535fa288faaec16ccf772f0d68da1ffb9bd69eec36d6c4ef3176eadc03529e5072a4263e779a20ef0fcfc80458
-
SSDEEP
12288:+645+po2MHuPxYXmY7yAkwzY4B7haW2z7WEKGxtja9I:+Z+pJHRoB7haWJxUkI
Static task
static1
Behavioral task
behavioral1
Sample
7f2bd5ae74aa8c987865c6e8e2ba9f92b6cd157cf285c6f545755bc7158b2cef.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
7f2bd5ae74aa8c987865c6e8e2ba9f92b6cd157cf285c6f545755bc7158b2cef.exe
Resource
win10v2004-20231130-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.babynation.store
Port: 587
Username: [email protected]
Password: Jesus@12
Email To: [email protected]
Targets
Target
7f2bd5ae74aa8c987865c6e8e2ba9f92b6cd157cf285c6f545755bc7158b2cef
Score
10/10
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-