General
Target: 31dd42f85893cd5e7db1645bb8eae25f792c11be8eeeb602ac89148afb60becbexe.exe
Size: 357KB
Sample: 231205-wyr1wsdh6y
MD5: 019012e11fcf33bde064894821cd84b7
SHA1: 082751450a7064dfbfeb43f34a34be2ba3b24eac
SHA256: 31dd42f85893cd5e7db1645bb8eae25f792c11be8eeeb602ac89148afb60becb
SHA512: 3eafa84ce7add46b1ce7798ed361b42505c6d5b148543ee6b1c0cb7ad3b030800d0e75a0778d2bf51a67409a055d9eac01d9f10f67a6e002af1d152ab6afea00
SSDEEP: 6144:kARcM3CjleuEn1IETITGx5PmCyxq70y5BDG9DnSgiobI+H5/8b:VRcM3CC1zZXf70nypi2
Static task: static1
Behavioral task: behavioral1
  Sample: 31dd42f85893cd5e7db1645bb8eae25f792c11be8eeeb602ac89148afb60becbexe.exe
  Resource: win7-20231023-en
Behavioral task: behavioral2
  Sample: 31dd42f85893cd5e7db1645bb8eae25f792c11be8eeeb602ac89148afb60becbexe.exe
  Resource: win10v2004-20231127-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.bezzleauto.com
Port: 587
Username: [email protected]
Password: kex#-rHjHM4qKk52
Email To: [email protected]
Targets
Target: 31dd42f85893cd5e7db1645bb8eae25f792c11be8eeeb602ac89148afb60becbexe.exe
Size: 357KB
MD5: 019012e11fcf33bde064894821cd84b7
SHA1: 082751450a7064dfbfeb43f34a34be2ba3b24eac
SHA256: 31dd42f85893cd5e7db1645bb8eae25f792c11be8eeeb602ac89148afb60becb
SHA512: 3eafa84ce7add46b1ce7798ed361b42505c6d5b148543ee6b1c0cb7ad3b030800d0e75a0778d2bf51a67409a055d9eac01d9f10f67a6e002af1d152ab6afea00
SSDEEP: 6144:kARcM3CjleuEn1IETITGx5PmCyxq70y5BDG9DnSgiobI+H5/8b:VRcM3CC1zZXf70nypi2
Score: 10/10
Signatures:
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Suspicious use of SetThreadContext