General
-
Target
1907dca252731a3da009bb214a7290c2a5047e4eda8215b537ab6287822193d0
-
Size
826KB
-
Sample
231206-c5ejlaad64
-
MD5
7f295d83244cce3b74cba4d2b33b1586
-
SHA1
f3de94f604e3a7fcd3723ac33f4feb1bd205599f
-
SHA256
1907dca252731a3da009bb214a7290c2a5047e4eda8215b537ab6287822193d0
-
SHA512
12a49f15d7d4e281035440baca44a4849599ddb54aed3940774d2112697cfef2b555a78fbe739953fa874b355bec3a7fbc8292f1590c09a66171d62a44eab902
-
SSDEEP
24576:k5KtD/61IvtA6bDioG80knlydPUADYSz+PI:z6KlVbe38Jc5U/s+
Static task
static1
Behavioral task
behavioral1
Sample
1907dca252731a3da009bb214a7290c2a5047e4eda8215b537ab6287822193d0.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
1907dca252731a3da009bb214a7290c2a5047e4eda8215b537ab6287822193d0.exe
Resource
win10v2004-20231130-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.zqamcx.com - Port:
587 - Username:
[email protected] - Password:
Anambraeast@123 - Email To:
[email protected]
Targets
-
-
Target
1907dca252731a3da009bb214a7290c2a5047e4eda8215b537ab6287822193d0
-
Size
826KB
-
MD5
7f295d83244cce3b74cba4d2b33b1586
-
SHA1
f3de94f604e3a7fcd3723ac33f4feb1bd205599f
-
SHA256
1907dca252731a3da009bb214a7290c2a5047e4eda8215b537ab6287822193d0
-
SHA512
12a49f15d7d4e281035440baca44a4849599ddb54aed3940774d2112697cfef2b555a78fbe739953fa874b355bec3a7fbc8292f1590c09a66171d62a44eab902
-
SSDEEP
24576:k5KtD/61IvtA6bDioG80knlydPUADYSz+PI:z6KlVbe38Jc5U/s+
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-