General
Target: 07486c105833148668a1f022367f83df2ab0091bf92568bb0a1ca961fe9bb5ac
Size: 564KB
Sample: 231206-epsgmaba88
MD5: 55b9877de436e5f2201948249046573a
SHA1: e59a35eb2aac778985c6501a99990c893886234e
SHA256: 07486c105833148668a1f022367f83df2ab0091bf92568bb0a1ca961fe9bb5ac
SHA512: 45f7cde86008f4604da4cb6ed8bd246ebb8533c188492c997946c7e0d347844538ead63184900895d5d8e54f0f963237fdb29dada45c4f306bc907f61d074ef6
SSDEEP: 12288:9uV4B/m8lVmR64OJlTl/5MlSjp9kBnK852gxcfpvfHTcBI8SRFUwUBJeS2jA3a:9fdPmR6Vl0XKC9mXHTN82FUwUHeSnq
Static task: static1
Behavioral task: behavioral1
  Sample: 00158048022558621.exe
  Resource: win7-20231130-en
Behavioral task: behavioral2
  Sample: 00158048022558621.exe
  Resource: win10v2004-20231127-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: mail.ardsmmm.com
  Port: 587
  Username: [email protected]
  Password: Ard2015**
  Email To: [email protected]
Targets
Target: 00158048022558621.exe
Size: 678KB
MD5: 8058fc91a2fb25f68844666f0babfdd3
SHA1: cd16874f02c71ea7fec3bceff54532e70c7152b0
SHA256: 295b33ab6ac30b1a9cfe34fa15078e824635fe92aee746ce4882766d2060b5b3
SHA512: 158b8d7d1a557cea9310e307d41b3d2d4261171adaa7cd09eca50430f5767c8815cc5ed5e671255bf710507cc90615722ad9db2f4d229095beae67c2f98f7aea
SSDEEP: 12288:2BhdQCyrzWxWreQRqf53zxeagDSN97vBBL8VlRz+d7BR6wT:23dtQzWxWd6UINxvBBL8/cpB
Signatures
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Checks computer location settings: Looks up the country code configured in the registry, likely a geofence check.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext