General
- Target: a54bdfd7f51995ad8a88069e6fbd9ab871f417a0c0e28c4b3f947df7294fd984
- Size: 825KB
- Sample: 240327-ckzc9sdb4y
- MD5: 9150335b9722db3ce86ee373d198ba3b
- SHA1: 2d00f59ab55967f9b2ac2067d9c54e7ebd95385e
- SHA256: a54bdfd7f51995ad8a88069e6fbd9ab871f417a0c0e28c4b3f947df7294fd984
- SHA512: e8580037fb2ccfc10b110514e01af9dc7b790f43cc353ca2d48cbeb558644b957a1750a2add2c267704009ffa168bd92f8689d4fb7d9a44f4bc32f9e000b1ab2
- SSDEEP: 24576:6c1G2yohVF7hd88ZUM7wmy+2YVck569s6nnjqKoe:R1G2FhV93P65kcfLjqKoe
- Static task: static1
- Behavioral task: behavioral1
  - Sample: a54bdfd7f51995ad8a88069e6fbd9ab871f417a0c0e28c4b3f947df7294fd984.exe
  - Resource: win7-20240221-en
- Behavioral task: behavioral2
  - Sample: a54bdfd7f51995ad8a88069e6fbd9ab871f417a0c0e28c4b3f947df7294fd984.exe
  - Resource: win10v2004-20240226-en
Malware Config
Extracted (agenttesla)
- Protocol: smtp
- Host: mail.cherubimsecurityforce.com
- Port: 587
- Username: [email protected]
- Password: alwarpet538
- Email To: [email protected]
Extracted
- Protocol: smtp
- Host: mail.cherubimsecurityforce.com
- Port: 587
- Username: [email protected]
- Password: alwarpet538
Targets
- Target: a54bdfd7f51995ad8a88069e6fbd9ab871f417a0c0e28c4b3f947df7294fd984
- Size: 825KB
- MD5: 9150335b9722db3ce86ee373d198ba3b
- SHA1: 2d00f59ab55967f9b2ac2067d9c54e7ebd95385e
- SHA256: a54bdfd7f51995ad8a88069e6fbd9ab871f417a0c0e28c4b3f947df7294fd984
- SHA512: e8580037fb2ccfc10b110514e01af9dc7b790f43cc353ca2d48cbeb558644b957a1750a2add2c267704009ffa168bd92f8689d4fb7d9a44f4bc32f9e000b1ab2
- SSDEEP: 24576:6c1G2yohVF7hd88ZUM7wmy+2YVck569s6nnjqKoe:R1G2FhV93P65kcfLjqKoe
- Score: 10/10
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings: Looks up the country code configured in the registry, likely for geofencing.
- Suspicious use of SetThreadContext