General
Target: 947ac03f0914498c33f09368c3faf962dd4756ee12872e3a5e26eafdb2e2a297
Size: 831KB
Sample: 231205-v3ze4adg97
MD5: 6020e02d5920971b32a909d7b97492a5
SHA1: a56f551ee8773da48bea6811e1a08814a6eacd1d
SHA256: 947ac03f0914498c33f09368c3faf962dd4756ee12872e3a5e26eafdb2e2a297
SHA512: 15a9ecffb1ffc7b9737392e4a10b9c100f81e91541e0d7a71d3c550bcd55c2c4b50dd39806f69fe766d2786fe7da38fc23a92106b996d9af1b6bada14a9a4f2f
SSDEEP: 12288:gfYNr4RCHExP45+po2+4zJIsZnUAg1jd80jT/W8u6OLCYMdBSWXqMNBQt1WBVFTw:/HEk+pJaQ8vK1tRWXhvy1MTCmp0ck
Static task: static1
Behavioral task: behavioral1
  Sample: 947ac03f0914498c33f09368c3faf962dd4756ee12872e3a5e26eafdb2e2a297.exe
  Resource: win7-20231020-en
Behavioral task: behavioral2
  Sample: 947ac03f0914498c33f09368c3faf962dd4756ee12872e3a5e26eafdb2e2a297.exe
  Resource: win10v2004-20231127-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: us2.smtp.mailhostbox.com
  Port: 587
  Username: [email protected]
  Password: Lover boy @123
  Email To: [email protected]
Extracted
  Protocol: smtp
  Host: us2.smtp.mailhostbox.com
  Port: 587
  Username: [email protected]
  Password: Lover boy @123
Targets
Target: 947ac03f0914498c33f09368c3faf962dd4756ee12872e3a5e26eafdb2e2a297
Size: 831KB
Score: 10/10
Signatures:
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Suspicious use of SetThreadContext