General
Target: Rendelés_(PO5042208)_Az Idumont.hta
Size: 9KB
Sample: 240212-wh1cbscd74
MD5: 0766fff13fcd69232a01442507c7faaf
SHA1: e559fef859f0da7dbb27ee0ee81b68f759b8772a
SHA256: 5f86822a5a049aaa09d6f11ad557f4c2ae8ce57b37daa6b00658fff4ee1ce090
SHA512: ae8bc05b1233b8495f18a3f11ebbd2a5e2ad8345b3eed593ef4885a76eff74fa5f9a11f150b087dfea1fba9a29d0ae8ac8107d7da5de7e5abdf848a1c8b68988
SSDEEP: 192:sv0r6VP2SMNXVBVLkC6YWILLDFDNk6cl26nWc8t9embQV:sv0rwQvDwhMDxNkmV9embm
Static task: static1
Behavioral task: behavioral1
  Sample: Rendelés_(PO5042208)_Az Idumont.hta
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: Rendelés_(PO5042208)_Az Idumont.hta
  Resource: win10v2004-20231215-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.cxtopy.top
Port: 587
Username: [email protected]
Password: xD[cB(Qr33#+
Email To: [email protected]
Targets
Target: Rendelés_(PO5042208)_Az Idumont.hta
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Blocklisted process makes network request
- Checks computer location settings: looks up the country code configured in the registry, likely as a geofence.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext