General
-
Target
f7e22055f229e74229772cf9f406b11e5944d6bc00cb2cce8bf99e2ef0e33b6e
-
Size
662KB
-
Sample
231205-vk1kfadd28
-
MD5
2ca8122c5174d3b87e7933ea7e040e64
-
SHA1
ac25e2333317ff9de2aa4f43561c08a743534f8a
-
SHA256
f7e22055f229e74229772cf9f406b11e5944d6bc00cb2cce8bf99e2ef0e33b6e
-
SHA512
e18986914cb3aa0ccb2c1ad0f309aff1b5906605dcca75ad3dce850c42ed4b04c809049909aa9db9322866333a2e5a0f79be064e72f74c818016eab28ef0c14e
-
SSDEEP
12288:8660F+WI8hUHEWlis8q2QyMOv8f9HhWALNvMHL7P50cKDcgCT2xp:NFBI8BWliYVM+FhWONvGndSxp
Static task
static1
Behavioral task
behavioral1
Sample
PROFORMA FATURA.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
PROFORMA FATURA.exe
Resource
win10v2004-20231130-en
Malware Config
Extracted
agenttesla
Protocol
smtp
-
Host
zqamcx.com
-
Port
587
-
Username
[email protected]
-
Password
Methodman991
-
Email To
[email protected]
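The extracted config above is the exfiltration channel: the sample authenticates to the SMTP submission port (587) on zqamcx.com and mails stolen data to the listed mailbox. The following is an added example, not part of the sandbox report, showing how a responder turns that config into hunt checks: flag DNS lookups of the exfil host, then flag connections to whatever it resolved to on the configured port, and emit a Suricata DNS rule. The host, port and protocol are the report's values; the log lines and their one-event-per-line format are constructed for illustration, and the redacted mailbox strings are carried through unchanged and never matched on.

```python
"""Hunt checks derived from the extracted AgentTesla SMTP config.

Added example: host/port/protocol come from the report; the telemetry below is
constructed and its format is a deliberately simple one-line-per-event shape,
not a real Zeek/Suricata schema.
"""
import re
from typing import Dict, List, Tuple

# Values from the "Malware Config" block. The mailbox names are redacted on the
# page, so they are kept as-is and not used as indicators.
AGENTTESLA_CONFIG: Dict = {
    "protocol": "smtp",
    "host": "zqamcx.com",
    "port": 587,
    "username": "[email protected]",
    "email_to": "[email protected]",
}

# Constructed telemetry (not from the sandbox run):
#   "<ts> <src_ip> dns <rrtype> <query> -> <answer>"
#   "<ts> <src_ip> conn <dst_ip>:<dst_port> <proto>"
SAMPLE_LOG: List[str] = [
    "2023-12-05T10:12:01Z 10.0.0.5 dns A mail.zqamcx.com -> 203.0.113.7",
    "2023-12-05T10:12:01Z 10.0.0.5 dns A notzqamcx.com -> 198.51.100.4",
    "2023-12-05T10:12:02Z 10.0.0.5 conn 203.0.113.7:587 tcp",
    "2023-12-05T10:12:05Z 10.0.0.9 conn 203.0.113.7:25 tcp",
    "2023-12-05T10:12:06Z 10.0.0.9 conn 198.51.100.4:587 tcp",
]

DNS_RE = re.compile(r"^(\S+) (\S+) dns (A|AAAA) (\S+) -> (\S+)$")
CONN_RE = re.compile(r"^(\S+) (\S+) conn (\S+):(\d+) (\S+)$")  # IPv4 only


def domain_matches(query: str, host: str) -> bool:
    """True if query equals host or is a subdomain of it.

    Dot-boundary aware, so 'notzqamcx.com' does not match 'zqamcx.com'."""
    q = query.lower().rstrip(".")
    h = host.lower().rstrip(".")
    return q == h or q.endswith("." + h)


def hunt(lines: List[str], cfg: Dict) -> List[Tuple[str, str]]:
    """Flag lookups of the exfil host, then connections to whatever it
    resolved to on the configured port. Returns (line, reason) pairs."""
    hits: List[Tuple[str, str]] = []
    resolved = set()  # answers seen for the exfil host in this log window
    for line in lines:
        m = DNS_RE.match(line)
        if m:
            _ts, src, _rr, query, answer = m.groups()
            if domain_matches(query, cfg["host"]):
                resolved.add(answer)
                hits.append((line, f"{src} resolved exfil host {cfg['host']}"))
            continue
        m = CONN_RE.match(line)
        if m:
            _ts, src, dst_ip, dst_port, _proto = m.groups()
            # Port 587 is submission with STARTTLS: the AUTH LOGIN credentials
            # and the stolen data are encrypted after the upgrade, so the
            # destination is the reliable network indicator, not the payload.
            if dst_ip in resolved and int(dst_port) == cfg["port"]:
                hits.append((line, f"{src} -> exfil host on {cfg['protocol']}/{dst_port}"))
    return hits


def suricata_dns_rule(cfg: Dict, sid: int) -> str:
    """Emit a DNS-query rule for the exfil host and its subdomains.

    dotprefix/endswith are Suricata 6+ keywords; the sid is a local placeholder."""
    return (
        f'alert dns $HOME_NET any -> any any (msg:"AgentTesla SMTP exfil host '
        f'{cfg["host"]}"; dns.query; dotprefix; content:".{cfg["host"]}"; '
        f"nocase; endswith; sid:{sid}; rev:1;)"
    )


if __name__ == "__main__":
    for line, reason in hunt(SAMPLE_LOG, AGENTTESLA_CONFIG):
        print(reason, "|", line)
    print(suricata_dns_rule(AGENTTESLA_CONFIG, 1000001))
```

The connection check deliberately requires a prior DNS answer for the host in the same log window; matching on port 587 alone would fire on every legitimate mail client. To confirm the credentials were actually used, look at the sandbox's own pcap from the behavioral task, since on the wire they are only visible before the STARTTLS upgrade if the client skips it.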
Targets
-
Target
PROFORMA FATURA.exe
-
Size
832KB
-
MD5
4cc3e6a5b1f5473111ed0fe08c85455b
-
SHA1
5c13bab0cff294b13c0542fca040c19ec94e2967
-
SHA256
394633bc848d312c2e79e48b1b10eadbce297624c6b844d4f643d93b1fb33c35
-
SHA512
58ec9c7407439d5143a2614add8bd79063be03cc94539628ceb7290b362c1ff0e9a2884cae59700151a60d1b55db1ca3da4e395196137b89af443ceed19963c5
-
SSDEEP
12288:ac5nF8ME6jD/yecHhUHkWlijOnpmz32LP7PP0WKLcuCgRNwgqYqRe:acPtD/yeGXWliGmzGLjZdgRSgqg
Score
10/10
-
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer, originally written in Visual Basic .NET; this sample exfiltrates over SMTP using the config extracted above.
-
Checks computer location settings
Reads the country code configured in the registry; this is most likely a geofence so the sample can refuse to run in certain regions.
-
Suspicious use of SetThreadContext
Calling SetThreadContext on another process's thread is the step that points a suspended thread at injected code (process hollowing / RunPE). Debuggers and some runtimes use the same API, so on its own it is rated suspicious rather than malicious; the full chain (child created suspended, memory written, context set, thread resumed) is what confirms hollowing.
-
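The SetThreadContext signature above is one call out of a longer chain. As an added example (not the sandbox's own signature logic), the following matches the complete hollowing sequence over an API-call trace: a child process created with CREATE_SUSPENDED, followed by WriteProcessMemory, SetThreadContext and ResumeThread against that child, in that order, from the creating process. The trace records are constructed, and the record shape (one dict per call, with handles already resolved to pids) is an assumption about how a sandbox would present the data; a lone SetThreadContext, as a debugger would issue, is not flagged.

```python
"""Detect the process-hollowing call chain behind a 'Suspicious use of
SetThreadContext' signature.

Added example, not the sandbox's signature logic: the API trace is constructed
and the record shape (handles already resolved to pids) is an assumption."""
from collections import defaultdict
from typing import Dict, List, Tuple

CREATE_SUSPENDED = 0x00000004  # CreateProcess dwCreationFlags bit

# The chain that distinguishes hollowing from a debugger poking at a thread:
# write code into a process created suspended, redirect its thread, resume it.
HOLLOWING_CHAIN = ["WriteProcessMemory", "SetThreadContext", "ResumeThread"]

# Constructed trace (not from the report above). pid 5000 calls
# SetThreadContext alone, as a debugger would, and must not be flagged.
SAMPLE_TRACE: List[Dict] = [
    {"pid": 4100, "api": "CreateProcessW", "child_pid": 4180, "flags": CREATE_SUSPENDED},
    {"pid": 4100, "api": "NtUnmapViewOfSection", "target_pid": 4180},
    {"pid": 4100, "api": "VirtualAllocEx", "target_pid": 4180},
    {"pid": 4100, "api": "WriteProcessMemory", "target_pid": 4180},
    {"pid": 4100, "api": "SetThreadContext", "target_pid": 4180},
    {"pid": 4100, "api": "ResumeThread", "target_pid": 4180},
    {"pid": 5000, "api": "SetThreadContext", "target_pid": 5001},
]


def find_hollowing(trace: List[Dict]) -> List[Tuple[int, int]]:
    """Return (parent_pid, child_pid) pairs where the parent created the child
    suspended and then completed HOLLOWING_CHAIN against it, in order."""
    suspended: Dict[int, int] = {}            # child_pid -> creating parent pid
    progress: Dict[Tuple[int, int], int] = defaultdict(int)
    found: List[Tuple[int, int]] = []
    for rec in trace:
        api = rec["api"]
        if api in ("CreateProcessW", "CreateProcessA"):
            if rec.get("flags", 0) & CREATE_SUSPENDED:
                suspended[rec["child_pid"]] = rec["pid"]
            continue
        target = rec.get("target_pid")
        # Only calls from the creator against its own suspended child count.
        if target not in suspended or suspended[target] != rec["pid"]:
            continue
        key = (rec["pid"], target)
        step = progress[key]
        if step < len(HOLLOWING_CHAIN) and api == HOLLOWING_CHAIN[step]:
            progress[key] = step + 1
            if step + 1 == len(HOLLOWING_CHAIN):
                found.append(key)
    return found


if __name__ == "__main__":
    print(find_hollowing(SAMPLE_TRACE))  # [(4100, 4180)]
```

Order matters: a ResumeThread seen before SetThreadContext does not advance the chain, and calls against a child that was not created suspended are ignored entirely, which keeps ordinary parent/child process creation out of the results.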