General
-
Target
6a12664a1e6175f01db3a563cfed56eefb889cc03d8d909e70f700ef2451d7d3
-
Size
803KB
-
Sample
231206-drgbpsaf57
-
MD5
e85252cf778cac3232c28a1394caa183
-
SHA1
aac2865bfaf52511c4f0a1128937962b040ee09b
-
SHA256
6a12664a1e6175f01db3a563cfed56eefb889cc03d8d909e70f700ef2451d7d3
-
SHA512
7b57bc1eab32bcc239bea531412952735a7e409df9cbf3a4245aaf890906be24aaa927fd493911b2b7a4d3ebecd911757e57f021ccdb53517e0f570d753e6a81
-
SSDEEP
24576:bRKtD/61IIeSNzgvzU48rt+NlF0v86BKqn8:w6KbSNzgLz2t+XF0E6BKD
Static task
static1
Behavioral task
behavioral1
Sample
6a12664a1e6175f01db3a563cfed56eefb889cc03d8d909e70f700ef2451d7d3.exe
Resource
win7-20231201-en
Behavioral task
behavioral2
Sample
6a12664a1e6175f01db3a563cfed56eefb889cc03d8d909e70f700ef2451d7d3.exe
Resource
win10v2004-20231130-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.oripam.xyz - Port:
587 - Username:
[email protected] - Password:
231Father@ - Email To:
[email protected]
Targets
-
-
Target
6a12664a1e6175f01db3a563cfed56eefb889cc03d8d909e70f700ef2451d7d3
-
Size
803KB
-
MD5
e85252cf778cac3232c28a1394caa183
-
SHA1
aac2865bfaf52511c4f0a1128937962b040ee09b
-
SHA256
6a12664a1e6175f01db3a563cfed56eefb889cc03d8d909e70f700ef2451d7d3
-
SHA512
7b57bc1eab32bcc239bea531412952735a7e409df9cbf3a4245aaf890906be24aaa927fd493911b2b7a4d3ebecd911757e57f021ccdb53517e0f570d753e6a81
-
SSDEEP
24576:bRKtD/61IIeSNzgvzU48rt+NlF0v86BKqn8:w6KbSNzgLz2t+XF0E6BKD
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-