General
-
Target
9e116c7ad15ab3e51b9b076366c9e07249cae7e956df49abe83c5db7e309b81bexe.exe
-
Size
693KB
-
Sample
231207-x7pskaga7y
-
MD5
1efe5ce8f6e99361179bff600d2407da
-
SHA1
3238f5541bd4d9de31b1e3c2ff130a83124f082f
-
SHA256
9e116c7ad15ab3e51b9b076366c9e07249cae7e956df49abe83c5db7e309b81b
-
SHA512
ad8d2d20310071fa16ca018814421fb84a8e473f5381e4e3caedfa3e50527160c3fc601e1a9c2eded89fedc741eb11b7d2328f6ad389dce1e104884884a286d2
-
SSDEEP
12288:KueH5qc86l+Jv2udDznSU5n0CN7G4GVQ/SiNqZGkpCw0lLe:uqhm+h2qSYgk/SighUl
Static task
static1
Behavioral task
behavioral1
Sample
9e116c7ad15ab3e51b9b076366c9e07249cae7e956df49abe83c5db7e309b81bexe.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
9e116c7ad15ab3e51b9b076366c9e07249cae7e956df49abe83c5db7e309b81bexe.exe
Resource
win10v2004-20231127-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.coaatja.com - Port:
587 - Username:
[email protected] - Password:
consuelo63 - Email To:
[email protected]
Extracted
Protocol: smtp- Host:
mail.coaatja.com - Port:
587 - Username:
[email protected] - Password:
consuelo63
Targets
-
-
Target
9e116c7ad15ab3e51b9b076366c9e07249cae7e956df49abe83c5db7e309b81bexe.exe
-
Size
693KB
-
MD5
1efe5ce8f6e99361179bff600d2407da
-
SHA1
3238f5541bd4d9de31b1e3c2ff130a83124f082f
-
SHA256
9e116c7ad15ab3e51b9b076366c9e07249cae7e956df49abe83c5db7e309b81b
-
SHA512
ad8d2d20310071fa16ca018814421fb84a8e473f5381e4e3caedfa3e50527160c3fc601e1a9c2eded89fedc741eb11b7d2328f6ad389dce1e104884884a286d2
-
SSDEEP
12288:KueH5qc86l+Jv2udDznSU5n0CN7G4GVQ/SiNqZGkpCw0lLe:uqhm+h2qSYgk/SighUl
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-