General
-
Target
06122023_1509_06122023_P.O #2199982214.zip
-
Size
613KB
-
Sample
231206-hytb3acd58
-
MD5
13544d35fb141b9d618f85b26173fe96
-
SHA1
5b1125b4c8bc1eb207e29ccf6e1a9355a3eee084
-
SHA256
f55a3d6f16305febfb69e8c217712a1e280965a77f443ba8d23a3a84d6670de3
-
SHA512
a590cee214e99a64fb83cca044b5dcaac3731b42574720f413837f3ead09026066f9e75b4615818cc25027d637ee41bbc27a6b543e716f7523ba57dccb7a0777
-
SSDEEP
12288:I7cPAhEOFkj/iHIZIt3iubNLWrEo299aVb7Sr/9UlRmsJ9/4Eyd:GcoaOFBttSIW88VvAUlRmG4dd
Static task
static1
Behavioral task
behavioral1
Sample
P.O #2199982214.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
P.O #2199982214.exe
Resource
win10v2004-20231127-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.gimpex-imerys.com - Port:
587 - Username:
[email protected] - Password:
h45ZVRb6(IMF - Email To:
[email protected]
Extracted
Protocol: smtp- Host:
mail.gimpex-imerys.com - Port:
587 - Username:
[email protected] - Password:
h45ZVRb6(IMF
Targets
-
-
Target
P.O #2199982214.exe
-
Size
639KB
-
MD5
555fa4881f3f6dee809d9eb2dc043163
-
SHA1
b702e6beb3740a25a381b22ab5af9b9f7c9bd499
-
SHA256
3a9d4daa5b6a3d3df7252adefb661cb058b2d09bdfb70cf19d5f373ed01434c7
-
SHA512
bb465ba8f331452a58b826cce9cc7a269b85d2414edc8c3c4077c55ed21631175fbb8dddbd52d7c7416d82b9e814080beaae0d58833f927b77213d4cda11c65e
-
SSDEEP
12288:DhwQaueH5qp5ysTpneaj1sD4vjI9Hapb7MT/9IlrbZvmVq:DhUq/ysFlXw6pv8Il52
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-