General
- Target: f96e4bc426c83f667041971fb359fd9c772b1f16bb0a0aa362ae5db1e2086550
- Size: 647KB
- Sample: 231213-clm2magaf4
- MD5: 0ce516b074c9ba37924e70026d79f71b
- SHA1: ef18a0df0fe4263f89e2dd9f1dd831e0cef97da5
- SHA256: f96e4bc426c83f667041971fb359fd9c772b1f16bb0a0aa362ae5db1e2086550
- SHA512: 7a270449a49ada4b55d943cc774ae9f7801e9ff9a556bc40d66832a315f9d94d6c2c58ae6558afa46229640719e7c0e57549cc7dfcb0f2d23e7c4875d39589c2
- SSDEEP: 12288:ej3IU8S6eUddWAViG+nKGYfm25jKzvIWyFODy66KiP7R0q:eTItSAddWAR+nKGYdx/Wyo6Kan
Static task: static1
Behavioral task: behavioral1
Sample: f96e4bc426c83f667041971fb359fd9c772b1f16bb0a0aa362ae5db1e2086550.exe
Resource: win7-20231023-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.tecnosilos.com.py
- Port: 587
- Username: [email protected]
- Password: dX,@;SPvm;h{
- Email To: [email protected]
Targets
- Target: f96e4bc426c83f667041971fb359fd9c772b1f16bb0a0aa362ae5db1e2086550
- Size: 647KB
- MD5: 0ce516b074c9ba37924e70026d79f71b
- SHA1: ef18a0df0fe4263f89e2dd9f1dd831e0cef97da5
- SHA256: f96e4bc426c83f667041971fb359fd9c772b1f16bb0a0aa362ae5db1e2086550
- SHA512: 7a270449a49ada4b55d943cc774ae9f7801e9ff9a556bc40d66832a315f9d94d6c2c58ae6558afa46229640719e7c0e57549cc7dfcb0f2d23e7c4875d39589c2
- SSDEEP: 12288:ej3IU8S6eUddWAViG+nKGYfm25jKzvIWyFODy66KiP7R0q:eTItSAddWAR+nKGYdx/Wyo6Kan
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Detect ZGRat V1
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Suspicious use of SetThreadContext