General
- Target: 2675bc14c6d17556370948b7a66efa835a8d8362828057e6a3570dbcc5c6d057
- Size: 819KB
- Sample: 231205-v2flladg56
- MD5: f29554262c858e2e6fd1d828bbade0bc
- SHA1: 7cda09a6c742000f5868888a321216b1d3a72d00
- SHA256: 2675bc14c6d17556370948b7a66efa835a8d8362828057e6a3570dbcc5c6d057
- SHA512: acbfa0c8e8d94cba1994cb23aed0fe0de6f8dc3ec9d2503f957af5990f5d8a923e6a42f9d2b8687540d711bf32d50ef2200a70d75883a67c4d894ddb0475bf2e
- SSDEEP: 24576:4k34/up+pJHkSJPvrxZ3IPtrQGUOfM0eh0Q:h38PJHkSpj4lrHf1Q
Static task
- static1
Behavioral task
- behavioral1
  - Sample: 2675bc14c6d17556370948b7a66efa835a8d8362828057e6a3570dbcc5c6d057.exe
  - Resource: win7-20231130-en
Behavioral task
- behavioral2
  - Sample: 2675bc14c6d17556370948b7a66efa835a8d8362828057e6a3570dbcc5c6d057.exe
  - Resource: win10v2004-20231201-en
Malware Config
Extracted
- Family: agenttesla
- Protocol: smtp
- Host: smtp.yandex.com
- Port: 587
- Username: [email protected]
- Password: ajgpjhnhhyeoaeoa
- Email To: [email protected]
Targets
- Target: 2675bc14c6d17556370948b7a66efa835a8d8362828057e6a3570dbcc5c6d057
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence check.
- Adds Run key to start application
- Suspicious use of SetThreadContext