General
Target: 7313bba3ca9b2518cc049ad47ab159f47675c0199fc812b6bc5a0584616b220aexe.exe
Size: 1008KB
Sample: 231205-wwww3aec95
MD5: c556abc2e04d6889cf0a059f9133af60
SHA1: 80d768a65c200d34517bdf788e8ae649e4f4addf
SHA256: 7313bba3ca9b2518cc049ad47ab159f47675c0199fc812b6bc5a0584616b220a
SHA512: 1b766194cf4c7419366f9c05d1ba58ead14413125ce309825d4cd607edb4cb49bee7d4af46397df9d9bf27ea3418d96f642932ef068ea403f89a91b7e29162f7
SSDEEP: 24576:p1tk+pJ16fvFeZ81CAH9ddcuq+vHWH32M4L:rZJUf9HH9Euqn32r
Static task: static1
Behavioral task: behavioral1
Sample: 7313bba3ca9b2518cc049ad47ab159f47675c0199fc812b6bc5a0584616b220aexe.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: 7313bba3ca9b2518cc049ad47ab159f47675c0199fc812b6bc5a0584616b220aexe.exe
Resource: win10v2004-20231130-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.worlorderbillions.top
Port: 587
Username: [email protected]
Password: vqpF.#;cCodu
Email To: [email protected]
Targets
Target: 7313bba3ca9b2518cc049ad47ab159f47675c0199fc812b6bc5a0584616b220aexe.exe
Score: 10/10
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext