General
- Target: dcbddff42e50fade6b316fdc7318a4bd625ce6aee2fabd2e51c2b41d81496622
- Size: 693KB
- Sample: 231207-c5t92saea5
- MD5: b918aa89a363f91295ee9999b77d65f9
- SHA1: 8227eafe3186f49bef2b63d2c32bd3b1c50e11c0
- SHA256: dcbddff42e50fade6b316fdc7318a4bd625ce6aee2fabd2e51c2b41d81496622
- SHA512: 9474577101f3f516e05a1c64b3b31500bf5f6343d9a47b913e240db8999bd5a09305fe58e152bab50f672860db807f417c2e7d7f9dffdc648841b2602847a5c6
- SSDEEP: 12288:XueH5qp5ImjiCLAj4b+lH7xUuQiePh3dQuKGcteTr4eN:FqAuDjb+Pf6hFKGAh
Static task: static1
Behavioral task: behavioral1
- Sample: dcbddff42e50fade6b316fdc7318a4bd625ce6aee2fabd2e51c2b41d81496622.exe
- Resource: win7-20231020-en
Behavioral task: behavioral2
- Sample: dcbddff42e50fade6b316fdc7318a4bd625ce6aee2fabd2e51c2b41d81496622.exe
- Resource: win10v2004-20231130-en
Malware Config
Extracted (agenttesla)
- Protocol: smtp
- Host: mail.gimpex-imerys.com
- Port: 587
- Username: [email protected]
- Password: h45ZVRb6(IMF
- Email To: [email protected]
Extracted
- Protocol: smtp
- Host: mail.gimpex-imerys.com
- Port: 587
- Username: [email protected]
- Password: h45ZVRb6(IMF
Targets
- Target: dcbddff42e50fade6b316fdc7318a4bd625ce6aee2fabd2e51c2b41d81496622
- Size: 693KB
- MD5: b918aa89a363f91295ee9999b77d65f9
- SHA1: 8227eafe3186f49bef2b63d2c32bd3b1c50e11c0
- SHA256: dcbddff42e50fade6b316fdc7318a4bd625ce6aee2fabd2e51c2b41d81496622
- SHA512: 9474577101f3f516e05a1c64b3b31500bf5f6343d9a47b913e240db8999bd5a09305fe58e152bab50f672860db807f417c2e7d7f9dffdc648841b2602847a5c6
- SSDEEP: 12288:XueH5qp5ImjiCLAj4b+lH7xUuQiePh3dQuKGcteTr4eN:FqAuDjb+Pf6hFKGAh
Score: 10/10
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Suspicious use of SetThreadContext