General
Target: 381705b66d71580ac9ed64acaf63158d45ddff7690f45f6c1fa62e62cf50bde2
Size: 1.2MB
Sample: 231205-v5damsdh37
MD5: 063064253e45751c8724c6cfe8ea44fa
SHA1: b388fd4298c8f7c59cb37fc130a31d894745b0ea
SHA256: 381705b66d71580ac9ed64acaf63158d45ddff7690f45f6c1fa62e62cf50bde2
SHA512: 32ca1ff96b4cdd62dc115ea81b6248a310bcf21382237f35d3e91e357f51d317881399b3d4ce36d011553c8494e85236147e6579cdcb7bfe39b019845475b87b
SSDEEP: 12288:Y645+po2MHuPxYXmY7yAkwzY4B7haW2z7WEKGxtja9I:YZ+pJHRoB7haWJxUkI
Static task: static1
Behavioral task: behavioral1
  Sample: LBDXZOJZ.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: LBDXZOJZ.exe
  Resource: win10v2004-20231201-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.babynation.store
Port: 587
Username: [email protected]
Password: Jesus@12
Email To: [email protected]
In Agent Tesla's SMTP mode the stealer authenticates to this server with the configured username and password and mails the harvested data to the "Email To" recipient, so these are the attacker's mailbox credentials, not victim data; the host and port are the network indicators to hunt for.
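Turning the extracted SMTP config into a hunt, as an added example that is not part of the sandbox report: the Python below walks Zeek-style JSON dns.log and conn.log records, flags lookups of the configured mail host, collects the addresses it resolved to, and flags TCP/587 submissions to those addresses from hosts that are not known mail clients. The log lines, the KNOWN_MAIL_CLIENTS allow-list and the addresses in them are constructed for the example; only the host and port come from the config above.

```python
"""Hunting for the Agent Tesla SMTP exfiltration channel from this report.

Walks Zeek-style JSON dns.log and conn.log records, flags lookups of the
configured mail host, collects the addresses it resolved to, and then flags
TCP/587 (submission) connections to those addresses from hosts that are not
known mail clients. All log lines here are constructed for the example.
"""
import json

# Taken from the extracted agenttesla config above.
C2_HOST = "mail.babynation.store"
C2_PORT = 587

# Hypothetical allow-list: internal hosts expected to speak SMTP submission.
KNOWN_MAIL_CLIENTS = {"10.0.0.5"}

# Constructed Zeek dns.log records (JSON output format); not from the sandbox run.
DNS_LOG = """
{"ts":1701820000.1,"id.orig_h":"10.0.0.23","query":"mail.babynation.store","qtype_name":"A","answers":["203.0.113.10"]}
{"ts":1701820001.2,"id.orig_h":"10.0.0.5","query":"smtp.corp.example","qtype_name":"A","answers":["10.0.0.25"]}
{"ts":1701820002.3,"id.orig_h":"10.0.0.41","query":"MAIL.BABYNATION.STORE.","qtype_name":"A","answers":["203.0.113.10","203.0.113.11"]}
"""

# Constructed Zeek conn.log records; the 10.0.0.77 row is unrelated HTTPS noise.
CONN_LOG = """
{"ts":1701820000.5,"id.orig_h":"10.0.0.23","id.resp_h":"203.0.113.10","id.resp_p":587,"proto":"tcp","service":"smtp"}
{"ts":1701820001.5,"id.orig_h":"10.0.0.5","id.resp_h":"10.0.0.25","id.resp_p":587,"proto":"tcp","service":"smtp"}
{"ts":1701820003.0,"id.orig_h":"10.0.0.41","id.resp_h":"203.0.113.11","id.resp_p":587,"proto":"tcp","service":"ssl"}
{"ts":1701820004.0,"id.orig_h":"10.0.0.77","id.resp_h":"198.51.100.9","id.resp_p":443,"proto":"tcp","service":"ssl"}
"""


def parse_jsonl(text):
    """One JSON object per non-empty line, as Zeek writes with LogAscii::use_json."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def hunt(dns_text, conn_text, c2_host=C2_HOST, c2_port=C2_PORT,
         allow=KNOWN_MAIL_CLIENTS):
    """Return (dns_hits, conn_hits).

    dns_hits : (source host, query as logged) for every lookup of c2_host;
               matching is case-insensitive and ignores a trailing dot.
    conn_hits: (source host, destination) for TCP connections to c2_port whose
               destination is one of the addresses c2_host resolved to, unless
               the source is an allow-listed mail client.
    """
    target = c2_host.lower()
    resolved = set()
    dns_hits = []
    for rec in parse_jsonl(dns_text):
        query = rec.get("query", "").rstrip(".").lower()
        if query == target:
            dns_hits.append((rec["id.orig_h"], rec["query"]))
            resolved.update(rec.get("answers", []))

    conn_hits = []
    for rec in parse_jsonl(conn_text):
        if rec.get("proto") != "tcp" or rec.get("id.resp_p") != c2_port:
            continue
        if rec["id.resp_h"] in resolved and rec["id.orig_h"] not in allow:
            conn_hits.append((rec["id.orig_h"], rec["id.resp_h"]))
    return dns_hits, conn_hits


if __name__ == "__main__":
    dns_hits, conn_hits = hunt(DNS_LOG, CONN_LOG)
    for src, q in dns_hits:
        print(f"DNS  {src} looked up {q}")
    for src, dst in conn_hits:
        print(f"CONN {src} -> {dst}:{C2_PORT}")
```

The hunt deliberately matches on host, resolved address and port rather than on the credentials: if the sample negotiates STARTTLS on 587 (Zeek then logs the service as ssl, as in the third conn row), the AUTH exchange and the recipient address are encrypted on the wire and never appear in payload inspection.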
Targets
Target: LBDXZOJZ.EXE
Size: 679KB
MD5: 143bcd7eedd7bba4d27a270b7e3710f0
SHA1: 0ca36b8a46dbaa099d75e2a9ff5aadffd7924f07
SHA256: 7f2bd5ae74aa8c987865c6e8e2ba9f92b6cd157cf285c6f545755bc7158b2cef
SHA512: b6ab3b6105b9d35d8b12dcb7a392b7b8334f66535fa288faaec16ccf772f0d68da1ffb9bd69eec36d6c4ef3176eadc03529e5072a4263e779a20ef0fcfc80458
SSDEEP: 12288:+645+po2MHuPxYXmY7yAkwzY4B7haW2z7WEKGxtja9I:+Z+pJHRoB7haWJxUkI
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) and information stealer written in .NET (Visual Basic).
Checks computer location settings
Looks up the country code configured in the registry, most likely a geofence check so the sample can refuse to run in certain regions.
Suspicious use of SetThreadContext
SetThreadContext is rarely needed by legitimate software outside debuggers; in malware it usually redirects the entry point of a suspended thread to injected code, the final step of process hollowing, so it is worth checking which process the target thread belongs to.
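One way to turn the single "Suspicious use of SetThreadContext" indicator into a sequence detection, as an added example that is not part of the sandbox report and makes no claim about what this particular sample did: the Python below consumes a per-process API trace (one JSON object per call, in the shape a sandbox or EDR might emit) and reports processes that create a suspended child, write into it, redirect its primary thread with SetThreadContext and then resume it. The trace format, the image paths, the handles and all three processes in it are constructed for the example.

```python
"""Turning "Suspicious use of SetThreadContext" into a sequence detection.

Consumes a per-process API trace (one JSON object per call; the format and the
trace itself are constructed for this example) and reports processes that
create a suspended child, write into it, redirect its primary thread with
SetThreadContext, then resume it. That ordered sequence is the
process-hollowing pattern; a lone SetThreadContext call is not reported.
"""
import json

CREATE_SUSPENDED = 0x00000004  # CreateProcess dwCreationFlags bit

WRITE_APIS = {"NtUnmapViewOfSection", "ZwUnmapViewOfSection",
              "WriteProcessMemory", "NtWriteVirtualMemory"}
SET_CTX_APIS = {"SetThreadContext", "Wow64SetThreadContext", "NtSetContextThread"}
RESUME_APIS = {"ResumeThread", "NtResumeThread"}

# Constructed trace. pid 1000 hollows a suspended child; pid 2000 is a benign
# launcher that suspends a child only to assign it to a job object; pid 3000
# calls SetThreadContext on its own worker thread with no child involved.
TRACE = r"""
{"pid":1000,"api":"CreateProcessW","args":{"lpApplicationName":"C:\\Target\\host.exe","dwCreationFlags":4},"ret":{"dwProcessId":1200,"hProcess":"0x1a0","hThread":"0x1a4"}}
{"pid":1000,"api":"NtUnmapViewOfSection","args":{"ProcessHandle":"0x1a0","BaseAddress":"0x400000"},"ret":{"status":0}}
{"pid":1000,"api":"WriteProcessMemory","args":{"hProcess":"0x1a0","lpBaseAddress":"0x400000","nSize":4096},"ret":{"ok":true}}
{"pid":1000,"api":"SetThreadContext","args":{"hThread":"0x1a4"},"ret":{"ok":true}}
{"pid":1000,"api":"ResumeThread","args":{"hThread":"0x1a4"},"ret":{"suspendCount":1}}
{"pid":2000,"api":"CreateProcessW","args":{"lpApplicationName":"C:\\Tools\\worker.exe","dwCreationFlags":4},"ret":{"dwProcessId":2100,"hProcess":"0x200","hThread":"0x204"}}
{"pid":2000,"api":"AssignProcessToJobObject","args":{"hJob":"0x1f0","hProcess":"0x200"},"ret":{"ok":true}}
{"pid":2000,"api":"ResumeThread","args":{"hThread":"0x204"},"ret":{"suspendCount":1}}
{"pid":3000,"api":"CreateThread","args":{"lpStartAddress":"0x7ff6a0001000"},"ret":{"hThread":"0x300"}}
{"pid":3000,"api":"SetThreadContext","args":{"hThread":"0x300"},"ret":{"ok":true}}
"""


def parse_trace(text):
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def _handle(args, *names):
    """Return the first present handle argument (Win32 and Nt names differ)."""
    for name in names:
        if name in args:
            return args[name]
    return None


def find_hollowing(trace):
    """Return one record per suspended child that was written, redirected and resumed."""
    by_proc = {}    # (caller pid, hProcess) -> tracking state for that child
    by_thread = {}  # (caller pid, hThread)  -> same state object
    hits = []
    for call in trace:
        pid, api = call["pid"], call["api"]
        args, ret = call.get("args", {}), call.get("ret", {})

        if api.startswith("CreateProcess") and args.get("dwCreationFlags", 0) & CREATE_SUSPENDED:
            state = {"pid": pid, "child_pid": ret["dwProcessId"],
                     "image": args.get("lpApplicationName") or args.get("lpCommandLine"),
                     "hProcess": ret["hProcess"],
                     "stages": ["CreateProcess(CREATE_SUSPENDED)"]}
            by_proc[(pid, ret["hProcess"])] = state
            by_thread[(pid, ret["hThread"])] = state

        elif api in WRITE_APIS:
            state = by_proc.get((pid, _handle(args, "hProcess", "ProcessHandle")))
            if state and api not in state["stages"]:
                state["stages"].append(api)

        elif api in SET_CTX_APIS:
            state = by_thread.get((pid, _handle(args, "hThread", "ThreadHandle")))
            # Only meaningful once something has been written into the child.
            if state and WRITE_APIS & set(state["stages"]):
                state["stages"].append(api)

        elif api in RESUME_APIS:
            state = by_thread.pop((pid, _handle(args, "hThread", "ThreadHandle")), None)
            if state:
                by_proc.pop((pid, state["hProcess"]), None)  # child is running; stop tracking
                if SET_CTX_APIS & set(state["stages"]):
                    state["stages"].append(api)
                    hits.append(state)
    return hits


if __name__ == "__main__":
    for hit in find_hollowing(parse_trace(TRACE)):
        print(f"pid {hit['pid']} hollowed pid {hit['child_pid']} ({hit['image']}): "
              + " -> ".join(hit["stages"]))
```

Keying the state on (caller pid, handle) rather than on the child pid alone matters because the handles returned by CreateProcess are what later calls actually carry; a trace that logs only pids would need the EDR to resolve handles first.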