General
- Target: 695563354441fc8c699c72d4ac22a1e9df87afab38b5f9ff418b2ef6a67c804f
- Size: 731KB
- Sample: 240327-ck9h8sdb5y
- MD5: cf16d51e847a9c3b7f06b029a99434c9
- SHA1: fad1096046b9577714d9c37b3fde543b072e0935
- SHA256: 695563354441fc8c699c72d4ac22a1e9df87afab38b5f9ff418b2ef6a67c804f
- SHA512: 8df85f5774a927f6795073f0263a8f078202d6abdabef9f84cf52764ad488c729e75db1919073d1dd4a65bb06a8e84e664884fe9cd09522c8eaba745b4e4cd80
- SSDEEP: 12288:FC76ya5WiQSwmhsDJRxWKn7w2JvOwiRml1I7OyzPKs6QT4Nw9HA2qTtkR:s7628Xhs1fWKn7VvOO2XPKWTbAZ0
Static task
- static1
Behavioral task
- behavioral1
- Sample: 695563354441fc8c699c72d4ac22a1e9df87afab38b5f9ff418b2ef6a67c804f.exe
- Resource: win7-20240221-en
Behavioral task
- behavioral2
- Sample: 695563354441fc8c699c72d4ac22a1e9df87afab38b5f9ff418b2ef6a67c804f.exe
- Resource: win10v2004-20240226-en
Malware Config
Extracted
agenttesla
- Protocol: smtp
- Host: mail.scannerhacker.com
- Port: 587
- Username: [email protected]
- Password: VH%xMhCW$I[l
- Email To: [email protected]
Extracted
- Protocol: smtp
- Host: mail.scannerhacker.com
- Port: 587
- Username: [email protected]
- Password: VH%xMhCW$I[l
Targets
- Target: 695563354441fc8c699c72d4ac22a1e9df87afab38b5f9ff418b2ef6a67c804f
- Size: 731KB
- MD5: cf16d51e847a9c3b7f06b029a99434c9
- SHA1: fad1096046b9577714d9c37b3fde543b072e0935
- SHA256: 695563354441fc8c699c72d4ac22a1e9df87afab38b5f9ff418b2ef6a67c804f
- SHA512: 8df85f5774a927f6795073f0263a8f078202d6abdabef9f84cf52764ad488c729e75db1919073d1dd4a65bb06a8e84e664884fe9cd09522c8eaba745b4e4cd80
- SSDEEP: 12288:FC76ya5WiQSwmhsDJRxWKn7w2JvOwiRml1I7OyzPKs6QT4Nw9HA2qTtkR:s7628Xhs1fWKn7VvOO2XPKWTbAZ0
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
- Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1)
- Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1)