General
-
Target
f588b64b0a34f38e311c2f45c234968f4f974ac4649c25e19cb20587de895f6b
-
Size
8.0MB
-
Sample
231206-d7qkbaah53
-
MD5
3415d0d8eb2143284827fe443a317dc1
-
SHA1
ae927f104a4755cf28204e1818a7f7cdca484485
-
SHA256
f588b64b0a34f38e311c2f45c234968f4f974ac4649c25e19cb20587de895f6b
-
SHA512
cde4cb9981d8bb2114821aa0f66a2b5db472730067c7a40ed4b3f8cb7c733eb8bd37ae413ad74670bf76ce31e498fb4af83cd60fc50ccec2dd49a0f39796ad83
-
SSDEEP
98304:AddhXpr5FO4qPdudczq7a/e1QCyTxvDWHQg2RMYKqUrNqEK:AdXXpr5FO4qVudrIxvCj2RfKqUrNqT
Static task
static1
Behavioral task
behavioral1
Sample
f588b64b0a34f38e311c2f45c234968f4f974ac4649c25e19cb20587de895f6b.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
f588b64b0a34f38e311c2f45c234968f4f974ac4649c25e19cb20587de895f6b.exe
Resource
win10v2004-20231127-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.marinasands.gr
Port: 587
Username: [email protected]
Password: 2WKm}0K~,RiV
Email To: [email protected]
Targets
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext