General
-
Target
a56724def86d4e6a660d12be80144e64.7z
-
Size
958KB
-
Sample
240107-ycwhascgdq
-
MD5
a56724def86d4e6a660d12be80144e64
-
SHA1
17dc38dfafcc5d59000d05dd60004e4f4bb380bc
-
SHA256
9d0a9c92839800f6145299028e8016f6f61b581fba682fef51d32aab652d1275
-
SHA512
2bc82fff6cfe754b81705bb12f04b4a0df799f2bf4b478d05a41a15e94ff55729cac037f79d3646b022fa7a0c13731cf0da35ff6efa4037a3eef5d19e73aff31
-
SSDEEP
24576:MveosOTqRPWPDe4/Bm4mw5HdOvUrx77kRJ5bM+Q1yrEf29dXQFUw:MvePbRPwl8BKdzd77khK1yofSxw
Static task
static1
Behavioral task
behavioral1
Sample
82658.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
82658.exe
Resource
win10v2004-20231222-en
Malware Config
Extracted
agenttesla
Protocol
ftp
-
Host
ftp://ftp.badonfashoin.com/
-
Port
21
-
Username
[email protected]
-
Password
kKsIA9XNV2zG
Targets
-
Target
82658.exe
-
Size
1.3MB
-
MD5
23bce6c9e9ad0180c5e71ba1ab27df6a
-
SHA1
ca872d69913174f7810d104a674b53157f2a6507
-
SHA256
8866780810cd65684ba4c903d896da0760dfb0b85f2b9965d9d60bbfc60c94f6
-
SHA512
c86e8fd44bcb76ef442c0d2452fd5679507c72ce58358da5485701eea7c49fbd243b546f4b5a3a7a55175fac7bec3a8129ddd9c5558aa173d3ab74bc674ad332
-
SSDEEP
24576:QBOsBgo0q4wMzBmCmTOUd+L6kDXWL49wBXdO1UVG7kksP57MTQ1PqEf29mXQdQ:Q4oHM9mCm6Ud+zDXmo0dR47kko71P1fz
-
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, originally written in Visual Basic .NET; it harvests credentials from browsers and mail clients and exfiltrates them over SMTP, FTP or HTTP (this sample uses the FTP server in the extracted config).
-
AgentTesla payload
-
CustAttr .NET packer
Detects CustAttr .NET packer in memory.
-
Checks computer location settings
Reads the country code configured in the registry (Control Panel\International\Geo), likely a geofence check to avoid running in certain regions.
-
Accesses Microsoft Outlook profiles
Reads Outlook profile registry keys, where stored mail account credentials are harvested from.
-
Adds Run key to start application
Writes a value under the Windows CurrentVersion\Run key so the payload is relaunched at logon.
-
Suspicious use of SetThreadContext
Sets the thread context of another process, typical of process hollowing (suspended child process, WriteProcessMemory, SetThreadContext, ResumeThread) used to run the unpacked payload.
-
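The following hunting script is an added example and is not part of the sandbox report or of any vendor's tooling. It takes the file hashes and the FTP host/port from the extracted config above and matches them, together with the listed behaviours (geofence registry lookup, Run-key persistence, SetThreadContext hollowing), against Sysmon-style endpoint events constructed inline. The event shapes, the Geo\Nation registry path and the hollowing API sequence are assumptions; the FTP username on the page is not recoverable, so network matching is on host and port only.

```python
"""Hunt endpoint telemetry for the IOCs and behaviours listed in this report.

Added example, not part of the original report or of any sandbox vendor's
code. Event dictionaries mimic Sysmon-style telemetry and are constructed
here for demonstration; the registry paths and API sequence matched are
assumptions based on common AgentTesla tradecraft, not taken from the report.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Iocs:
    sha256: frozenset
    ftp_host: str
    ftp_port: int


# Values copied from the report above (hashes of 82658.exe and the .7z container,
# FTP host and port from the extracted config).
REPORT_IOCS = Iocs(
    sha256=frozenset({
        "8866780810cd65684ba4c903d896da0760dfb0b85f2b9965d9d60bbfc60c94f6",
        "9d0a9c92839800f6145299028e8016f6f61b581fba682fef51d32aab652d1275",
    }),
    ftp_host="ftp.badonfashoin.com",
    ftp_port=21,
)

# Assumed registry paths: HKCU Run/RunOnce for persistence, GeoID country lookup.
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)
# Assumed process-hollowing skeleton, matched in order (suffixes A/W allowed).
HOLLOW_SEQ = ("CreateProcess", "WriteProcessMemory", "SetThreadContext", "ResumeThread")

IMAGE = r"C:\Users\u\Downloads\82658.exe"

# Constructed telemetry, not from the report: five malicious events plus two benign ones.
SAMPLE_EVENTS = [
    {"id": 1, "type": "process_create", "image": IMAGE,
     "sha256": "8866780810cd65684ba4c903d896da0760dfb0b85f2b9965d9d60bbfc60c94f6"},
    {"id": 2, "type": "registry_read", "image": IMAGE,
     "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"id": 3, "type": "registry_set", "image": IMAGE,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svchost",
     "value": r"C:\Users\u\AppData\Roaming\svchost.exe"},
    {"id": 4, "type": "api_call", "image": IMAGE,
     "sequence": ["CreateProcessW", "NtUnmapViewOfSection", "WriteProcessMemory",
                  "SetThreadContext", "ResumeThread"]},
    {"id": 5, "type": "network_connect", "image": IMAGE,
     "dest_host": "ftp.badonfashoin.com", "dest_port": 21},
    {"id": 6, "type": "network_connect", "image": r"C:\Program Files\FileZilla\filezilla.exe",
     "dest_host": "ftp.example.org", "dest_port": 21},
    {"id": 7, "type": "registry_set", "image": r"C:\Windows\explorer.exe",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "value": "1"},
]


def is_hollowing(sequence):
    """True if the API calls contain HOLLOW_SEQ as an ordered subsequence."""
    want = iter(HOLLOW_SEQ)
    current = next(want)
    for call in sequence:
        if call.startswith(current):
            current = next(want, None)
            if current is None:
                return True
    return False


def hunt(events, iocs):
    """Return (event id, finding) pairs for events matching the report's IOCs/behaviours."""
    hits = []
    for ev in events:
        kind = ev["type"]
        if kind == "process_create" and ev.get("sha256", "").lower() in iocs.sha256:
            hits.append((ev["id"], "known-bad hash"))
        elif kind == "registry_read" and GEO_KEY.search(ev["key"]):
            hits.append((ev["id"], "geofence lookup"))
        elif kind == "registry_set" and RUN_KEY.search(ev["key"]):
            hits.append((ev["id"], "run key persistence"))
        elif kind == "api_call" and is_hollowing(ev["sequence"]):
            hits.append((ev["id"], "SetThreadContext hollowing pattern"))
        elif (kind == "network_connect"
              and ev["dest_host"].lower() == iocs.ftp_host
              and ev["dest_port"] == iocs.ftp_port):
            hits.append((ev["id"], "FTP C2 host"))
    return hits


def findings_by_image(events, iocs):
    """Group findings per process image so one process with several behaviours stands out."""
    by_id = {ev["id"]: ev for ev in events}
    grouped = {}
    for ev_id, finding in hunt(events, iocs):
        grouped.setdefault(by_id[ev_id]["image"], set()).add(finding)
    return grouped


if __name__ == "__main__":
    for image, findings in findings_by_image(SAMPLE_EVENTS, REPORT_IOCS).items():
        print(f"{image}: {len(findings)} findings -> {sorted(findings)}")
```

Per-event matches on a Run-key write or an FTP connection are noisy on their own; grouping by image and alerting when one process accumulates several of the report's behaviours is what separates this sample from FileZilla or Explorer in the constructed telemetry.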