General
-
Target
e2077019f2ba65a57e9904cd1a6cc8a532ae7dfdbde9df85fa99d0d6a82ae781
-
Size
720KB
-
Sample
231206-da5b7sae36
-
MD5
28009def89fe4738b6d7ff8993a3c592
-
SHA1
86314e9abb6cce195df9b80a41cc677e4f3e584e
-
SHA256
e2077019f2ba65a57e9904cd1a6cc8a532ae7dfdbde9df85fa99d0d6a82ae781
-
SHA512
2b3e1baa928ebd5a90efbd38374bedc338bd5f7ddabc7093a06f4636619c7694a3462325a91ffa974b4528b25a4aef5cef27fc30c5d9d0b222204079c44b662d
-
SSDEEP
12288:TW+t5nF8ME6jD/6T3XEXyYLDcgU77CMfdKLjzbrKyIPXEbLp2aD0YwDhi:LPtD/6TXYLDR0GMfMjIEIYE
Static task
static1
Behavioral task
behavioral1
Sample
e2077019f2ba65a57e9904cd1a6cc8a532ae7dfdbde9df85fa99d0d6a82ae781.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
e2077019f2ba65a57e9904cd1a6cc8a532ae7dfdbde9df85fa99d0d6a82ae781.exe
Resource
win10v2004-20231127-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.asiaparadisehotel.com
Port: 587
Username: [email protected]
Password: KTNL)LqQaA(8
Email To: [email protected]
Targets
-
-
Target
e2077019f2ba65a57e9904cd1a6cc8a532ae7dfdbde9df85fa99d0d6a82ae781
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-