General
-
Target
6517be0ad6c3d08f0a7643268e616400ca30fff6fef58c823d6b4c05c838b634
-
Size
658KB
-
Sample
231209-cjsjbsebdj
-
MD5
b087af830bd6a458dfcb3d2f84c1d33a
-
SHA1
0a631f914b663df5e8d8a1fce9acd6efe47d52a9
-
SHA256
6517be0ad6c3d08f0a7643268e616400ca30fff6fef58c823d6b4c05c838b634
-
SHA512
cce3562355f91603e135808ea89587ef4968ad5ee9f0c4aa0b2a736fe0e31174d66bd6ff2c68acfbd3219c8e71ee3791c4ff47c184150fa96e68406822b09de7
-
SSDEEP
12288:j1hkZ5OkjA7iqT/1jeFSTz+OWNtBPL6KLlgJIn5Wn+fPEFFSfC4V:BK/SiC/1aFSMnLkJInE26ofCW
Static task
static1
Behavioral task
behavioral1
Sample
6517be0ad6c3d08f0a7643268e616400ca30fff6fef58c823d6b4c05c838b634.exe
Resource
win7-20231130-en
Behavioral task
behavioral2
Sample
6517be0ad6c3d08f0a7643268e616400ca30fff6fef58c823d6b4c05c838b634.exe
Resource
win10v2004-20231130-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.tecnosilos.com.py - Port:
587 - Username:
[email protected] - Password:
dX,@;SPvm;h{ - Email To:
[email protected]
Targets
-
-
Target
6517be0ad6c3d08f0a7643268e616400ca30fff6fef58c823d6b4c05c838b634
-
Size
658KB
-
MD5
b087af830bd6a458dfcb3d2f84c1d33a
-
SHA1
0a631f914b663df5e8d8a1fce9acd6efe47d52a9
-
SHA256
6517be0ad6c3d08f0a7643268e616400ca30fff6fef58c823d6b4c05c838b634
-
SHA512
cce3562355f91603e135808ea89587ef4968ad5ee9f0c4aa0b2a736fe0e31174d66bd6ff2c68acfbd3219c8e71ee3791c4ff47c184150fa96e68406822b09de7
-
SSDEEP
12288:j1hkZ5OkjA7iqT/1jeFSTz+OWNtBPL6KLlgJIn5Wn+fPEFFSfC4V:BK/SiC/1aFSMnLkJInE26ofCW
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-