General

- Target: 6f23c4b060e644dc6a6f1cd7ac58e44a4f3e203ff6129b6109cb0076d969aedb
- Size: 946KB
- Sample: 231205-ved49acf4w
- MD5: 640c8c973410694aa5effd24c3286077
- SHA1: af73830e92e7945c1d90b37a5572f4ab22b29180
- SHA256: 6f23c4b060e644dc6a6f1cd7ac58e44a4f3e203ff6129b6109cb0076d969aedb
- SHA512: e26e33326462acce623d9f0c5a4ace130b72e4c599f90d5f76a7477a105718eab58cd5442c603ff56f5a62ecd00c6e06ec8d5e3d3ed3efd0694d9817c67cffcf
- SSDEEP: 24576:/DkUNi1EvGhvqLJcZWgTOfVjUNQt6KyxGg5OpkLvZrB5ElRRN:/DkUrO1IAWgiVW8Ev5PrwL7
Static task: static1

Behavioral task: behavioral1
- Sample: 6f23c4b060e644dc6a6f1cd7ac58e44a4f3e203ff6129b6109cb0076d969aedb.exe
- Resource: win7-20231020-en

Behavioral task: behavioral2
- Sample: 6f23c4b060e644dc6a6f1cd7ac58e44a4f3e203ff6129b6109cb0076d969aedb.exe
- Resource: win10v2004-20231127-en
Malware Config
Extracted
agenttesla
- Protocol: smtp
- Host: mail.impot-expt.com
- Port: 587
- Username: [email protected]
- Password: MymoneyRR$$$123
- Email To: [email protected]
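The extracted configuration above is the part of this report that is directly usable for detection: AgentTesla sends stolen data out over SMTP submission (port 587), so the mail host and port are the durable indicators, while the credentials and message bodies travel inside STARTTLS once the handshake completes. The following is an added example, not part of the sandbox report, that turns the extracted host and port into indicators, checks them against a handful of constructed firewall-style log lines, and emits a Suricata DNS rule for the mail host. The log lines, the field names and the sid value are invented for the demo; the mailbox addresses are omitted because the page shows them only in redacted form.

```python
"""Added example: derive indicators from the extracted AgentTesla SMTP
config and match them against constructed log lines. Only the host and
port come from the sandbox report; everything else is demo data."""
import re
from dataclasses import dataclass

# Values as extracted by the sandbox (mailbox addresses were redacted on
# the page and are deliberately left out).
EXTRACTED_CONFIG = {
    "family": "agenttesla",
    "protocol": "smtp",
    "host": "mail.impot-expt.com",
    "port": 587,
}


@dataclass(frozen=True)
class Ioc:
    kind: str   # "domain" or "socket"
    value: str


def iocs_from_config(cfg: dict) -> list[Ioc]:
    """What is observable on the wire: the DNS name and the host:port pair.
    Port 587 is SMTP submission with STARTTLS, so the credentials and the
    exfiltrated content are encrypted after the handshake and cannot be
    used as content signatures."""
    host = cfg["host"].lower()
    return [Ioc("domain", host), Ioc("socket", f"{host}:{cfg['port']}")]


# Constructed log lines in a key=value style (demo only, not real traffic).
SAMPLE_LOGS = [
    "2023-12-05T14:02:11Z src=10.0.0.23 dst=mail.impot-expt.com dport=587 proto=tcp action=allow",
    "2023-12-05T14:02:12Z src=10.0.0.23 dst=api.ipify.org dport=443 proto=tcp action=allow",
    "2023-12-05T14:03:40Z src=10.0.0.41 dst=mail.impot-expt.com dport=25 proto=tcp action=deny",
    "2023-12-05T14:05:02Z src=10.0.0.9 dst=smtp.office365.com dport=587 proto=tcp action=allow",
]

_KV = re.compile(r"(\w+)=(\S+)")


def parse_line(line: str) -> dict:
    """Split a key=value log line into a dict of string fields."""
    return dict(_KV.findall(line))


def scan_logs(lines, iocs) -> list[dict]:
    """Return parsed entries whose destination matches an indicator.
    A socket match (host and port) is preferred; a bare domain match on
    another port is still reported, since operators rotate ports more
    readily than the mail host baked into the config."""
    domains = {i.value for i in iocs if i.kind == "domain"}
    sockets = {i.value for i in iocs if i.kind == "socket"}
    hits = []
    for line in lines:
        fields = parse_line(line)
        dst = fields.get("dst", "").lower()
        if f"{dst}:{fields.get('dport')}" in sockets:
            hits.append({**fields, "match": "socket"})
        elif dst in domains:
            hits.append({**fields, "match": "domain"})
    return hits


def suricata_dns_rules(iocs, sid_base: int = 9000001) -> list[str]:
    """Emit one Suricata DNS-query rule per domain indicator.
    sid_base is an arbitrary local rule id chosen for the demo."""
    rules = []
    for offset, ioc in enumerate(i for i in iocs if i.kind == "domain"):
        rules.append(
            f'alert dns any any -> any any (msg:"AgentTesla SMTP C2 DNS lookup {ioc.value}"; '
            f'dns.query; content:"{ioc.value}"; nocase; sid:{sid_base + offset}; rev:1;)'
        )
    return rules


if __name__ == "__main__":
    iocs = iocs_from_config(EXTRACTED_CONFIG)
    for hit in scan_logs(SAMPLE_LOGS, iocs):
        print(hit["src"], "->", hit["dst"], hit["dport"], f"({hit['match']})")
    print("\n".join(suricata_dns_rules(iocs)))
```

Matching on the host:port pair rather than only the port matters here: port 587 is also what legitimate mail clients use, so a port-only rule would fire on every Office 365 submission in the sample logs.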
Targets

- Target: 6f23c4b060e644dc6a6f1cd7ac58e44a4f3e203ff6129b6109cb0076d969aedb
- Size: 946KB
- MD5: 640c8c973410694aa5effd24c3286077
- SHA1: af73830e92e7945c1d90b37a5572f4ab22b29180
- SHA256: 6f23c4b060e644dc6a6f1cd7ac58e44a4f3e203ff6129b6109cb0076d969aedb
- SHA512: e26e33326462acce623d9f0c5a4ace130b72e4c599f90d5f76a7477a105718eab58cd5442c603ff56f5a62ecd00c6e06ec8d5e3d3ed3efd0694d9817c67cffcf
- SSDEEP: 24576:/DkUNi1EvGhvqLJcZWgTOfVjUNQt6KyxGg5OpkLvZrB5ElRRN:/DkUrO1IAWgiVW8Ev5PrwL7
Score: 10/10

- AgentTesla
  Agent Tesla is a remote access tool (RAT) and credential stealer written in Visual Basic .NET.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
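The signature names above are the sandbox's summary of what the sample did; they say nothing about how such behaviour is recognised. The block below is an added example, not part of this report or of the sandbox's own rule set, that re-expresses the three behavioural signatures as small rules over a constructed, Sysmon-like event trace. The event records, the Windows GeoID registry path (HKCU\Control Panel\International\Geo, value Nation) used for the location check, and the list of IP lookup services are assumptions made for the demo; the report itself lists only the signature names.

```python
"""Added example: the report's behavioural signatures as detection rules
over a constructed event trace. Nothing here is the sandbox's own logic;
event shapes, paths and hostnames are assumptions for the demo."""

# Constructed events in execution order (demo data, not from the report).
SAMPLE_EVENTS = [
    {"type": "process_create", "pid": 1001, "ppid": 500,
     "image": r"C:\Users\user\Desktop\sample.exe"},
    {"type": "registry_read", "pid": 1001,
     "key": r"HKCU\Control Panel\International\Geo", "value": "Nation"},
    {"type": "file_write", "pid": 1001,
     "path": r"C:\Users\user\AppData\Roaming\svchost32.exe"},
    {"type": "process_create", "pid": 1002, "ppid": 1001,
     "image": r"C:\Users\user\AppData\Roaming\svchost32.exe"},
    {"type": "http_request", "pid": 1002, "host": "api.ipify.org", "path": "/"},
]

# Assumed set of legitimate services commonly queried for the external IP.
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "ip-api.com",
                   "icanhazip.com", "ipinfo.io"}

# Windows stores the user's configured location (GeoID) under this key;
# reading it is how a sample learns the country without any network call.
GEO_KEY = r"hkcu\control panel\international\geo"


def sig_location_check(events) -> bool:
    """'Checks computer location settings': a read of Geo\\Nation."""
    return any(e["type"] == "registry_read"
               and e["key"].lower() == GEO_KEY
               and e["value"].lower() == "nation"
               for e in events)


def sig_executes_dropped_exe(events) -> bool:
    """'Executes dropped EXE': a process whose image path was written to
    disk by an earlier event in the same trace. Order matters, so the
    trace is walked once and the set of written paths grows as we go."""
    written = set()
    for e in events:
        if e["type"] == "file_write":
            written.add(e["path"].lower())
        elif e["type"] == "process_create" and e["image"].lower() in written:
            return True
    return False


def sig_external_ip_lookup(events) -> bool:
    """'Looks up external IP address via web service'."""
    return any(e["type"] == "http_request"
               and e["host"].lower() in IP_LOOKUP_HOSTS
               for e in events)


SIGNATURES = [
    ("Checks computer location settings", sig_location_check),
    ("Executes dropped EXE", sig_executes_dropped_exe),
    ("Looks up external IP address via web service", sig_external_ip_lookup),
]


def evaluate(events) -> list[str]:
    """Return the names of the signatures that fire on the trace."""
    return [name for name, rule in SIGNATURES if rule(events)]


if __name__ == "__main__":
    for name in evaluate(SAMPLE_EVENTS):
        print("HIT:", name)
```

The dropped-EXE rule is the one worth copying: it keys on the relationship between a file write and a later process start with the same image path, which is what makes it robust to the dropped file being renamed per run, whereas a rule on a fixed filename would miss the next build.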