General
- Target: 199aae05b551c6ff199636d951b24399a317a449c07e7f61b494928c0826f0b4
- Size: 913KB
- Sample: 231207-cdgjwaacd8
- MD5: ff4cc696b1cdb8bd1f74ed8ffc0aa3aa
- SHA1: 96b3344b3ea1ff42da60847ed7f8e46937ca424d
- SHA256: 199aae05b551c6ff199636d951b24399a317a449c07e7f61b494928c0826f0b4
- SHA512: 3c61caa20149f656a5de2ab301ffb50b5fe9004e52480f6d5dacebd25e6b8add5e17276c19d021e8844a098d0af65041e1d918c950dd78281eb50b0d7978639a
- SSDEEP: 24576:xG/uGGqaNOhduMfh53kTf9GC6CvywQFrMx:0/uGGGnfzkT9HvxQFrMx
Static task: static1
Behavioral task: behavioral1
- Sample: 199aae05b551c6ff199636d951b24399a317a449c07e7f61b494928c0826f0b4.exe
- Resource: win7-20231201-en
Behavioral task: behavioral2
- Sample: 199aae05b551c6ff199636d951b24399a317a449c07e7f61b494928c0826f0b4.exe
- Resource: win10v2004-20231127-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.bezzleauto.com
- Port: 587
- Username: [email protected]
- Password: kex#-rHjHM4qKk52
- Email To: [email protected]
Targets
- Target: 199aae05b551c6ff199636d951b24399a317a449c07e7f61b494928c0826f0b4
- Size: 913KB
- MD5: ff4cc696b1cdb8bd1f74ed8ffc0aa3aa
- SHA1: 96b3344b3ea1ff42da60847ed7f8e46937ca424d
- SHA256: 199aae05b551c6ff199636d951b24399a317a449c07e7f61b494928c0826f0b4
- SHA512: 3c61caa20149f656a5de2ab301ffb50b5fe9004e52480f6d5dacebd25e6b8add5e17276c19d021e8844a098d0af65041e1d918c950dd78281eb50b0d7978639a
- SSDEEP: 24576:xG/uGGqaNOhduMfh53kTf9GC6CvywQFrMx:0/uGGGnfzkT9HvxQFrMx
Score: 10/10
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence check.
- Suspicious use of SetThreadContext