General
- Target: ca4f67cfea7c66c6a46c0a7ab0564260836aacd3bb50dde935672f1be920dbaf
- Size: 373KB
- Sample: 231213-bpec8aeagl
- MD5: 5e0108b8d42ce8169e28692e0f144b98
- SHA1: 292ece7e8e65348339bdd9c8fc1c2371f39a1b16
- SHA256: ca4f67cfea7c66c6a46c0a7ab0564260836aacd3bb50dde935672f1be920dbaf
- SHA512: 217c5f05f044cab4288d8acedcdb7b2d9afcea6b68c9bccf80baed983e66164abd0e51de2245459da8ec2435a229e7d6735435d452123c5a0e5422975b4d8603
- SSDEEP: 6144:utStuRpDW2mzTcE8YedXudHL/SEOAzqI3dKWP6IkR9fTIlVmJCf5/YJg+lEjqJE:uktuR9W2wTcE8/dedrSKl3ws65VElVEC
Static task
- static1
Behavioral task
- behavioral1: Sample ca4f67cfea7c66c6a46c0a7ab0564260836aacd3bb50dde935672f1be920dbaf.exe; Resource win7-20231025-en
Behavioral task
- behavioral2: Sample ca4f67cfea7c66c6a46c0a7ab0564260836aacd3bb50dde935672f1be920dbaf.exe; Resource win10v2004-20231127-en
Malware Config
Extracted
agenttesla
- Protocol: smtp
- Host: mail.bezzleauto.com
- Port: 587
- Username: [email protected]
- Password: Kene123456789
- Email To: [email protected]
Targets
- Target: ca4f67cfea7c66c6a46c0a7ab0564260836aacd3bb50dde935672f1be920dbaf
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Adds Run key to start application
- Suspicious use of SetThreadContext