General
Target: details.bat
Size: 705KB
Sample: 240326-dl9fascd83
MD5: d8e84b5e26d9355e503d3ff632d05018
SHA1: fa8339ec7c63a954d077471ace9a7a2eb01719d5
SHA256: 2cd1dbdda80466cde0fceaf2f8cadebe954bff64bb313821969451569c958add
SHA512: f614c9ced750222de6fef31e9c7d23022683b6907551e604e8c7d49630e76694c78929c53a6e4251e6e783e06a82a573f276d7b7770d17925b1c2b25f8f1652d
SSDEEP: 12288:X8+pDta5WLKX+HCEK3URU666WXiOLnMfnTw8W6qqPrLsRzkamLBqFKyv2Dv0g/k2:5LTH5GgWSgMPs69PrLsRzkR9qH2DvTk2
Static task: static1
Behavioral task: behavioral1
  Sample: details.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: details.exe
  Resource: win10v2004-20240226-en
Malware Config
Extracted
  Protocol: smtp
  Host: mail.itresinc.com
  Port: 587
  Username: [email protected]
  Password: MT]ANFjWzKTA
Extracted (agenttesla)
  Protocol: smtp
  Host: mail.itresinc.com
  Port: 587
  Username: [email protected]
  Password: MT]ANFjWzKTA
  Email To: [email protected]
Targets
Target: details.bat (705KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General)
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings
  Looks up the country code configured in the registry, likely used as a geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP address.
- Suspicious use of SetThreadContext