General

Target: 3431cb842330770cdcd77c7b18fb3825.bin
Size: 662KB
Sample: 240224-bv146sdg75
MD5: e42b2edea7c4666757139dd56ccc0f2a
SHA1: e8afe92d77bc326ab63b75a4d1e869b39cf927b5
SHA256: 8a2ff741ef3d1386ee89e8d84be4f2fc4fb194ac321a687e70bdcc3908edf38b
SHA512: a812b5a026f8109c913c79393fdcdc0afbd0367cf0e369aa3703fe2bc42e469bbe47a11a7af1354143d8dddc7640b118f9102e9e32c0c246a511312bf7b9fe77
SSDEEP: 12288:tpmzmcXgznKPN/ucOja9EE1mUHi3RFxrSWpFGcpqlTyeK1JB6vh5NsS8:tPqgzmNmja95UUYEWpLMlueK1n6v5sv
Static task: static1
Behavioral task: behavioral1
Sample: 23806e1b81a7d5e5df3861e5d451d1d4f06c27c320b7c081bd8b1ea71b790f64.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 23806e1b81a7d5e5df3861e5d451d1d4f06c27c320b7c081bd8b1ea71b790f64.exe
Resource: win10v2004-20240221-en
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: mail.itresinc.com
Port: 587
Username: [email protected]
Password: MT]ANFjWzKTA
Email To: [email protected]
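The extracted configuration is the part of this report a defender acts on: the stealer exfiltrates over SMTP submission (port 587, STARTTLS) to a mail server it has credentials for, so the hostname and port are the hunting indicators, and any process other than a real mail client talking to that server is the strong signal. The following is an added example, not part of the sandbox report: it parses the config text as shown above (the addresses are redacted on the page and stay redacted here), derives the shareable network indicators, and matches constructed outbound-connection records against them. The connection records, the process names and the mail-client allow-list are assumptions made for illustration.

```python
"""
Network indicators from the Agent Tesla SMTP configuration above, matched
against outbound-connection records.

Added example, not part of the sandbox report. CONFIG_TEXT copies the
extracted config as shown on the page (redacted addresses kept as-is);
the connection records and process names are constructed for illustration.
"""
from dataclasses import dataclass

CONFIG_TEXT = """\
Protocol: smtp
Host: mail.itresinc.com
Port: 587
Username: [email protected]
Password: MT]ANFjWzKTA
Email To: [email protected]
"""


def parse_config(text):
    """Parse 'Key: value' lines into a dict with lower-case keys."""
    cfg = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            cfg[key.strip().lower()] = value.strip()
    if "port" in cfg:
        cfg["port"] = int(cfg["port"])
    return cfg


def network_iocs(cfg):
    """The part of the config worth blocking or hunting on: the exfil
    server and port. Credentials are deliberately left out so the
    indicator set can be shared without spreading the stolen account."""
    return {"protocol": cfg["protocol"], "host": cfg["host"], "port": cfg["port"]}


@dataclass(frozen=True)
class Conn:
    """One outbound connection as a host agent or proxy might log it."""
    process: str
    dst_host: str
    dst_port: int


# Processes that legitimately speak SMTP submission (assumed allow-list).
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}


def match_exfil(cfg, conns):
    """Return (conn, severity) for every connection to the configured server.

    Port 587 upgrades to TLS via STARTTLS, so the AUTH exchange is not
    visible on the wire; the hostname/port match is the reliable signal.
    A non-mail-client process is 'high' (the stealer runs under its own or
    a hollowed image); a real mail client is 'review', because the same
    server may also serve legitimate users of that domain.
    """
    hits = []
    for c in conns:
        if c.dst_host.lower() == cfg["host"].lower() and c.dst_port == cfg["port"]:
            severity = "high" if c.process.lower() not in MAIL_CLIENTS else "review"
            hits.append((c, severity))
    return hits


# Constructed connection records (not from the report).
SAMPLE_CONNS = [
    Conn("23806e1b81a7d5e5df3861e5d451d1d4f06c27c320b7c081bd8b1ea71b790f64.exe",
         "mail.itresinc.com", 587),
    Conn("outlook.exe", "mail.itresinc.com", 587),
    Conn("chrome.exe", "mail.google.com", 443),
]

if __name__ == "__main__":
    cfg = parse_config(CONFIG_TEXT)
    print(network_iocs(cfg))
    for conn, severity in match_exfil(cfg, SAMPLE_CONNS):
        print(severity, conn)
```

The allow-list split matters in practice: the SMTP server in an Agent Tesla config is usually a legitimate mail host whose account was compromised, so blocking the hostname outright can break real users; alerting on the process instead gives the signal without the outage.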
Targets

Target: 23806e1b81a7d5e5df3861e5d451d1d4f06c27c320b7c081bd8b1ea71b790f64.exe
Size: 687KB
MD5: 3431cb842330770cdcd77c7b18fb3825
SHA1: a2092b85970c2e60d0c697718516e8db18298608
SHA256: 23806e1b81a7d5e5df3861e5d451d1d4f06c27c320b7c081bd8b1ea71b790f64
SHA512: f4dfbf95ffd52b8d413ee92b9132361b2a5ccfce3650229ac2cc67d8c66ce23104e7133ef0424c5e53c88564add291a947659e12851ffa83898507b119e5f730
SSDEEP: 12288:ows/3P5Ujd53Llv+7UNJksS8xrmo3P2JBIBOV8vgmeS71Ovh:cBK5hTxrBv4S71s
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) and information stealer written in .NET (Visual Basic .NET).
Checks computer location settings
Looks up the country code configured in the registry, likely as a geofence.
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext
Setting the thread context of another process is the step in process hollowing that points a suspended child process's thread at an injected payload before the thread is resumed.
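The three behavioral signatures above are each a pattern over API calls, and the SetThreadContext one is only meaningful in sequence: a debugger or a legitimate loader also calls SetThreadContext, so the hit that matters is create-suspended, write into the child, set its context, resume. The following is an added example, not the sandbox's own signature engine: a small stateful matcher that replays a constructed API-call trace and reproduces the three findings. The trace format, the registry path used for the geofence check, the IP-lookup hostnames and the image names in the trace are assumptions made for illustration.

```python
"""
Stateful behavioral detection over an API-call trace, reproducing the three
signatures listed above (geofence registry lookup, external IP lookup,
SetThreadContext-based process hollowing).

Added example, not part of the sandbox report or its signature engine. The
trace lines are constructed; the record format, the registry path keyed on
for the geofence check and the IP-lookup hostnames are assumptions.
"""
import re
from collections import defaultdict

CREATE_SUSPENDED = 0x4  # CreateProcess creation flag

# Hostnames a stealer commonly queries for its public IP (assumed list).
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "ipinfo.io", "icanhazip.com"}

# Registry path holding the configured country (assumed to be what the
# 'Checks computer location settings' signature keys on).
GEO_KEY_RE = re.compile(r"control panel\\international\\geo", re.I)

# Constructed trace: pid 1000 shows the full chain, pid 1300 calls
# SetThreadContext on a child it did NOT create suspended (debugger-like).
TRACE = """\
pid=1000 api=RegOpenKeyExW key="HKCU\\Control Panel\\International\\Geo"
pid=1000 api=RegQueryValueExW key="HKCU\\Control Panel\\International\\Geo" value=Nation
pid=1000 api=InternetConnectW host=api.ipify.org port=443
pid=1000 api=CreateProcessW image=C:\\Windows\\System32\\svchost.exe flags=0x4 child=1200
pid=1000 api=WriteProcessMemory target=1200 size=0x9c000
pid=1000 api=SetThreadContext target=1200
pid=1000 api=ResumeThread target=1200
pid=1300 api=CreateProcessW image=C:\\Windows\\System32\\notepad.exe flags=0x0 child=1400
pid=1300 api=WriteProcessMemory target=1400 size=0x1000
pid=1300 api=SetThreadContext target=1400
"""

SIG_GEO = "Checks computer location settings"
SIG_IP = "Looks up external IP address via web service"
SIG_CTX = "Suspicious use of SetThreadContext"
SIG_HOLLOW = "Process hollowing (suspended create + write + SetThreadContext + resume)"


def parse_line(line):
    """Parse 'key=value' pairs; values containing spaces are double-quoted."""
    return {m.group(1): m.group(2).strip('"')
            for m in re.finditer(r'(\w+)=("[^"]*"|\S+)', line)}


def detect(trace):
    """Return {pid: sorted list of signature names} for a trace."""
    findings = defaultdict(set)
    hollow = {}  # child pid -> {"parent": pid, "stage": 1..3}
    for raw in trace.splitlines():
        if not raw.strip():
            continue
        r = parse_line(raw)
        pid, api = r["pid"], r["api"]

        # Stateless signatures: a single call is enough.
        if api.startswith("RegQueryValueEx") and GEO_KEY_RE.search(r.get("key", "")):
            findings[pid].add(SIG_GEO)
        if api.startswith("InternetConnect") and r.get("host", "").lower() in IP_LOOKUP_HOSTS:
            findings[pid].add(SIG_IP)

        # Stateful signature: track children created suspended by this pid.
        if api.startswith("CreateProcess") and int(r.get("flags", "0"), 16) & CREATE_SUSPENDED:
            hollow[r["child"]] = {"parent": pid, "stage": 1}
        tgt = r.get("target")
        if tgt in hollow and hollow[tgt]["parent"] == pid:
            st = hollow[tgt]
            if api == "WriteProcessMemory" and st["stage"] == 1:
                st["stage"] = 2
            elif api == "SetThreadContext" and st["stage"] == 2:
                st["stage"] = 3
                findings[pid].add(SIG_CTX)
            elif api == "ResumeThread" and st["stage"] == 3:
                findings[pid].add(SIG_HOLLOW)
    return {p: sorted(f) for p, f in findings.items()}


if __name__ == "__main__":
    for pid, sigs in detect(TRACE).items():
        print(pid, sigs)
```

Requiring the child to have been created with CREATE_SUSPENDED by the same parent before counting the SetThreadContext is what keeps the rule quiet on debuggers and on processes that merely write into a child; the resume step is kept as a separate, stronger finding so an analyst can tell a completed hollowing from an interrupted one.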