General
-
Target
160d0356566a52dedd00c17f3e01854154d5de2eafbdc2ac5aa5165649570872
-
Size
812KB
-
Sample
231205-wakxnsea32
-
MD5
d84560a7a3b12ca11b085ef7a65397e1
-
SHA1
389afd9cb62cdf633b895be7af97883c0e0c10fb
-
SHA256
160d0356566a52dedd00c17f3e01854154d5de2eafbdc2ac5aa5165649570872
-
SHA512
7d7afaa8569c8da8368972c556f8c1b9313afed783332db900a2ccab1e8e8c2abe32a90769f7e698d047d7bdbc73a8edaa15bed90afdfb75722e238a0cd21846
-
SSDEEP
12288:OWcQtW8G34/uK45+po20lTslOmIy07PiANoUzaPM5Iy+v9HkwaNJEmPkVK+QqdH3:E34/up+pJ0V1MI6UziW+VaMm8V4AHGG
Static task
static1
Behavioral task
behavioral1
Sample
160d0356566a52dedd00c17f3e01854154d5de2eafbdc2ac5aa5165649570872.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
160d0356566a52dedd00c17f3e01854154d5de2eafbdc2ac5aa5165649570872.exe
Resource
win10v2004-20231127-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.tecnosilos.com.py - Port:
587 - Username:
[email protected] - Password:
wY],Z[mo8kxz - Email To:
[email protected]
Targets
-
-
Target
160d0356566a52dedd00c17f3e01854154d5de2eafbdc2ac5aa5165649570872
-
Size
812KB
-
MD5
d84560a7a3b12ca11b085ef7a65397e1
-
SHA1
389afd9cb62cdf633b895be7af97883c0e0c10fb
-
SHA256
160d0356566a52dedd00c17f3e01854154d5de2eafbdc2ac5aa5165649570872
-
SHA512
7d7afaa8569c8da8368972c556f8c1b9313afed783332db900a2ccab1e8e8c2abe32a90769f7e698d047d7bdbc73a8edaa15bed90afdfb75722e238a0cd21846
-
SSDEEP
12288:OWcQtW8G34/uK45+po20lTslOmIy07PiANoUzaPM5Iy+v9HkwaNJEmPkVK+QqdH3:E34/up+pJ0V1MI6UziW+VaMm8V4AHGG
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-