General
- Target: 804e6c9e35ced60e4f63166b0b1e6431
- Size: 404KB
- Sample: 240129-tx163afeal
- MD5: 804e6c9e35ced60e4f63166b0b1e6431
- SHA1: 0617a7247a93933fa72cc17a369467a393847734
- SHA256: 696f8a6a73cfa9a84daf49781b0bd93e3a6ce36cda1330450b511706983dccb4
- SHA512: 0db3813f8fc5df8ed83a93ba44927e7e8134b5c30a45bcb0f3d003f92a04ebbfb81310fa79481c583a05638ce5b0ed0dead9ec9c07d71cb0ed2a4a424e26c184
- SSDEEP: 12288:6aOR+AzP3tHBHxFnT+VQaL95JcrzQURul5lAbUJ8EVPG:6T8ATlBRkVz9IzjR6
Static task: static1
Behavioral task: behavioral1
- Sample: 804e6c9e35ced60e4f63166b0b1e6431.exe
- Resource: win7-20231215-en
Behavioral task: behavioral2
- Sample: 804e6c9e35ced60e4f63166b0b1e6431.exe
- Resource: win10v2004-20231215-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.mediszintech.com
- Port: 587
- Username: a.nuber@mediszintech.com
- Password: TC!%EOL8
Targets
- Target: 804e6c9e35ced60e4f63166b0b1e6431 (404KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Checks computer location settings: looks up the country code configured in the registry, likely for geofencing.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext