General
-
Target
f878afdeb64bcecf49ccee9852553bb2048a03c7b9b00d05a3fc525c5c9e50a3
-
Size
814KB
-
Sample
231205-v3tvlsdg93
-
MD5
4ec73460f316448eceaab0af6a4213b9
-
SHA1
c5df88635161783940033de1e483a4b67af83cf8
-
SHA256
f878afdeb64bcecf49ccee9852553bb2048a03c7b9b00d05a3fc525c5c9e50a3
-
SHA512
469968e5b3a469e57673310670cba1fff063976d9b4fc7c08512f649805e7806f334a236071ee7c7ba0c44145a9398bd0a54038e3431c596dc701a63e71870b9
-
SSDEEP
12288:gWwrvtW8G34/uK45+po2FYmMc34StmUAEfUZrFxKEDqMdvPJ:Cu34/up+pJP/fU5b1DqMVJ
Static task
static1
Behavioral task
behavioral1
Sample
f878afdeb64bcecf49ccee9852553bb2048a03c7b9b00d05a3fc525c5c9e50a3.exe
Resource
win7-20231025-en
Behavioral task
behavioral2
Sample
f878afdeb64bcecf49ccee9852553bb2048a03c7b9b00d05a3fc525c5c9e50a3.exe
Resource
win10v2004-20231130-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
us2.smtp.mailhostbox.com - Port:
587 - Username:
[email protected] - Password:
oCTLrCY2 - Email To:
[email protected]
Targets
-
-
Target
f878afdeb64bcecf49ccee9852553bb2048a03c7b9b00d05a3fc525c5c9e50a3
-
Size
814KB
-
MD5
4ec73460f316448eceaab0af6a4213b9
-
SHA1
c5df88635161783940033de1e483a4b67af83cf8
-
SHA256
f878afdeb64bcecf49ccee9852553bb2048a03c7b9b00d05a3fc525c5c9e50a3
-
SHA512
469968e5b3a469e57673310670cba1fff063976d9b4fc7c08512f649805e7806f334a236071ee7c7ba0c44145a9398bd0a54038e3431c596dc701a63e71870b9
-
SSDEEP
12288:gWwrvtW8G34/uK45+po2FYmMc34StmUAEfUZrFxKEDqMdvPJ:Cu34/up+pJP/fU5b1DqMVJ
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-