General
Target: e7f46dc7145e87eb0674a7b2b7b980a886defb6e8ad7a2caff796a3787a01dff
Size: 422KB
Sample: 231206-dp572saf49
MD5: a4b7d954a47d10725218d26512544394
SHA1: 4d7a7b92c256927cb93d78896f278e8945ea0665
SHA256: e7f46dc7145e87eb0674a7b2b7b980a886defb6e8ad7a2caff796a3787a01dff
SHA512: ee7554af28b119016d04e1f3e6eae2296c9406e02835f6506bb255c4f606b3cde1ad655217a13d5d51796502047ec590179bb2a45db0433ffce437653a8ae977
SSDEEP: 6144:Rxu7VAd87ZC/xmqXAtz9TqawD0vcOCbjcqmBuXUmiedMKhB2j9YDxTgCrC:Rxu7lZ4xmqg9TJtTCbjpmBR3MMluxTg
Static task: static1

Behavioral task: behavioral1
  Sample: e7f46dc7145e87eb0674a7b2b7b980a886defb6e8ad7a2caff796a3787a01dff.exe
  Resource: win7-20231020-en

Behavioral task: behavioral2
  Sample: e7f46dc7145e87eb0674a7b2b7b980a886defb6e8ad7a2caff796a3787a01dff.exe
  Resource: win10v2004-20231130-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: webs20.futuresouls.com
  Port: 587
  Username: [email protected]
  Password: {dH9Kfx_zsj;
  Email To: [email protected]
Targets
Target: e7f46dc7145e87eb0674a7b2b7b980a886defb6e8ad7a2caff796a3787a01dff
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.

Drops startup file

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP address.