General
- Target: 54c1fe05f8adf4d5059999e869673c72f1a59f43020f7bd1069225113f7c866c
- Size: 861KB
- Sample: 231207-cc6glsacd2
- MD5: 522a508bf59d08937bd5146c02664470
- SHA1: 1a26db4a8370d80e05a24d2f3381345bd52cbd42
- SHA256: 54c1fe05f8adf4d5059999e869673c72f1a59f43020f7bd1069225113f7c866c
- SHA512: 6246780365f25ae82e386ae81ecb877409ac9d83eb1a601b4889600cbc19a3a2178034165822b96dbec31f9d6ea83f7f2f5936977be7cd139a408ae562d5b128
- SSDEEP: 12288:775nF8pREGHTbY7czEA5dj/vYLCBFUIEj1oeC6XnmoooxzVx0Z7XI1kVKoAqI1hs:XmY7zkj3Y2BEjGeF7DGng1TkZ
Static task
- static1
Behavioral task
- behavioral1: Sample 54c1fe05f8adf4d5059999e869673c72f1a59f43020f7bd1069225113f7c866c.exe, Resource win7-20231130-en
Behavioral task
- behavioral2: Sample 54c1fe05f8adf4d5059999e869673c72f1a59f43020f7bd1069225113f7c866c.exe, Resource win10v2004-20231130-en
Malware Config
Extracted (agenttesla)
- Protocol: smtp
- Host: mail.tgprok.co.za
- Port: 587
- Username: [email protected]
- Password: Beretta.93x62!!
- Email To: [email protected]
Targets
Score: 10/10
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Suspicious use of SetThreadContext