General
-
Target
e5dddee3a42599e75396f0668e560aed886b995d0f4618c6d81207cd433e85df
-
Size
2.3MB
-
Sample
231208-ractvaabdm
-
MD5
6004c0cdffdf116879d88f9898738228
-
SHA1
e8de63f3205bc5483308ab088eec331f56737502
-
SHA256
e5dddee3a42599e75396f0668e560aed886b995d0f4618c6d81207cd433e85df
-
SHA512
ee26398eef63d0dc6bc91df741fd59febd0e187bb57123a606296dd5398e94bd0547658baa5b9802679468907e9433750bb57513b8bd9e66249f586b22d97381
-
SSDEEP
49152:LboFAXbWg7uiJlwxkJy9gN2hDzDfr02/eQYGpwt:Y7gqHhg
Static task
static1
Behavioral task
behavioral1
Sample
e5dddee3a42599e75396f0668e560aed886b995d0f4618c6d81207cd433e85df.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
e5dddee3a42599e75396f0668e560aed886b995d0f4618c6d81207cd433e85df.exe
Resource
win10v2004-20231130-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.bezzleauto.com - Port:
587 - Username:
[email protected] - Password:
Tommyduru8118 - Email To:
[email protected]
Targets
-
-
Target
e5dddee3a42599e75396f0668e560aed886b995d0f4618c6d81207cd433e85df
-
Size
2.3MB
-
MD5
6004c0cdffdf116879d88f9898738228
-
SHA1
e8de63f3205bc5483308ab088eec331f56737502
-
SHA256
e5dddee3a42599e75396f0668e560aed886b995d0f4618c6d81207cd433e85df
-
SHA512
ee26398eef63d0dc6bc91df741fd59febd0e187bb57123a606296dd5398e94bd0547658baa5b9802679468907e9433750bb57513b8bd9e66249f586b22d97381
-
SSDEEP
49152:LboFAXbWg7uiJlwxkJy9gN2hDzDfr02/eQYGpwt:Y7gqHhg
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-