General
-
Target
df878f3bd7f03935a56a481ca97941a8
-
Size
730KB
-
Sample
240326-s7p14sdd83
-
MD5
df878f3bd7f03935a56a481ca97941a8
-
SHA1
87955f17139a3ed9feb7fad3945d161b7e7e3e87
-
SHA256
285a78cb3c2523399e902b0b0ec8d9636aece23c690c64517dbeadbc359ad187
-
SHA512
f6ad1c002e06ef5379e2d7ce88dc84f275269456203c09d087480868d798ca7b30a841654441125021ca5febd46bb71d6e7b8ffd8b4cdabaf1889ace8e6416e5
-
SSDEEP
12288:JLpzfvHK7zG1UP+xIZBia56qiUtsKKMuFnUwKPXy:bzKWUP+dnqiwGFnUwKPX
Static task
static1
Behavioral task
behavioral1
Sample
df878f3bd7f03935a56a481ca97941a8.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
df878f3bd7f03935a56a481ca97941a8.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.kenmascs.com
Port: 587
Username: [email protected]
Password: Kenya254!
Email To: [email protected]
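The extracted config is what a responder actually works from: the SMTP host and port are the network indicators to block and hunt for, while the mailbox credentials identify the attacker's drop account (typically a compromised legitimate mailbox) and should be reported to the provider, not used. The following is an added example, not part of the sandbox report: it normalises the config text exactly as the report renders it (keys and values run together with stray " - " separators and line breaks), turns it into typed fields, and runs the resulting host:port indicator over a few constructed outbound-connection log lines. The log format (timestamp,src_ip,dst_host,dst_port,proto) and every log line are assumptions made up for the example; the config values are the ones on this page.

```python
import re
from dataclasses import dataclass

# Constructed copy of the "Extracted" block above, as the sandbox renders it:
# keys and values are run together with stray " - " separators and line breaks.
RAW_CONFIG = """Protocol: smtp- Host:
mail.kenmascs.com - Port:
587 - Username:
[email protected] - Password:
Kenya254! - Email To:
[email protected]"""

# Field names the agenttesla config extractor emits for the SMTP exfil variant.
KEYS = ("Protocol", "Host", "Port", "Username", "Password", "Email To")
_KEY_ALT = "|".join(re.escape(k) for k in KEYS)
# A value runs until the next known key (or end of text), with any " - " glue stripped.
FIELD_RE = re.compile(
    rf"(?P<key>{_KEY_ALT}):\s*(?P<val>.*?)\s*-?\s*(?=(?:{_KEY_ALT}):|$)"
)


@dataclass
class AgentTeslaSmtpConfig:
    protocol: str
    host: str
    port: int
    username: str
    password: str
    email_to: str


def parse_config(raw: str) -> AgentTeslaSmtpConfig:
    """Normalise the rendered config text and split it into typed fields."""
    flat = " ".join(raw.split())  # collapse the line breaks the page introduced
    fields = {m.group("key"): m.group("val") for m in FIELD_RE.finditer(flat)}
    missing = [k for k in KEYS if k not in fields]
    if missing:
        raise ValueError(f"config is missing fields: {missing}")
    return AgentTeslaSmtpConfig(
        protocol=fields["Protocol"].lower(),
        host=fields["Host"].lower(),
        port=int(fields["Port"]),
        username=fields["Username"],
        password=fields["Password"],
        email_to=fields["Email To"],
    )


def network_iocs(cfg: AgentTeslaSmtpConfig) -> set[tuple[str, int]]:
    """The exfil server endpoint is the indicator to block and hunt for at the perimeter."""
    return {(cfg.host, cfg.port)}


# Constructed outbound-connection log lines (hypothetical firewall export):
# timestamp,src_ip,dst_host,dst_port,proto. None of these come from the report.
SAMPLE_LOG = """2024-03-26T15:02:11Z,10.0.0.21,mail.kenmascs.com,587,tcp
2024-03-26T15:02:12Z,10.0.0.21,smtp.office365.com,587,tcp
2024-03-26T15:03:40Z,10.0.0.35,MAIL.KENMASCS.COM,587,tcp
2024-03-26T15:04:01Z,10.0.0.35,mail.kenmascs.com,443,tcp"""


def find_exfil_attempts(log_text: str, cfg: AgentTeslaSmtpConfig) -> list[tuple[str, str]]:
    """Return (timestamp, src_ip) for every connection to the configured SMTP endpoint."""
    iocs = network_iocs(cfg)
    hits = []
    for line in log_text.splitlines():
        ts, src, dst, port, _proto = line.split(",")
        # Hostnames are case-insensitive; the port must match too, since the same
        # mail host on 443 is not the exfil channel this config describes.
        if (dst.lower(), int(port)) in iocs:
            hits.append((ts, src))
    return hits


if __name__ == "__main__":
    cfg = parse_config(RAW_CONFIG)
    print(f"exfil endpoint: {cfg.host}:{cfg.port} via {cfg.protocol}, drop account {cfg.username}")
    for ts, src in find_exfil_attempts(SAMPLE_LOG, cfg):
        print(f"{ts} {src} -> possible Agent Tesla SMTP exfiltration")
```

Matching on host plus port rather than host alone keeps the rule tight: legitimate mail traffic to the same server on another port is not what this config describes. Matching on the hostname only works where the log records the destination name (proxy or DNS-enriched logs); for raw flow logs you would resolve the host at hunt time and match on the address as well.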
Targets
-
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer, originally written in Visual Basic .NET. It harvests saved credentials from browsers, mail and FTP clients and exfiltrates them over SMTP, FTP or HTTP; this sample uses the SMTP channel shown in the extracted config.
-
AgentTesla payload
-
Checks computer location settings
Looks up the country code configured in the registry (the user's Control Panel\International settings), most likely as a geofence to avoid running in certain regions.
-
Accesses Microsoft Outlook profiles
Reads the Outlook profile data stored under the user's registry hive to recover saved mail account credentials, consistent with the stealer behaviour described above.
-
Suspicious use of SetThreadContext
Calling SetThreadContext on another process's thread is the pattern seen when a loader writes its payload into a suspended process and redirects the entry point (process hollowing / RunPE), which is how Agent Tesla loaders commonly unpack into a second process.
-