General
- Target: 22df8179643d2be4e46f0260396e1107c6203e66116d78662ddb4ab2244e4bcb
- Size: 639KB
- Sample: 240327-cnwfsaac39
- MD5: 6a562f665fc6f9ae83843150f96647a1
- SHA1: 72cd1f0c0176c5fef9b1931f76e7ffe17e267d8f
- SHA256: 22df8179643d2be4e46f0260396e1107c6203e66116d78662ddb4ab2244e4bcb
- SHA512: fb34508d87dad2e0a64724554da78fd0e968e6cd7bfc1f2c45346fdce83d7e94a69fb0bfaf661a41e286c3685bfa7e8de7077daf260540e8bf5b70fa7f808a59
- SSDEEP: 12288:QWI7W+5gqaw02TeoMobEkU15L0l0P8Youz5DHmJ1Z7DzSB9T:Z10gnwfeoMo5Ubn5V4J1ZXzSBF
Static task: static1
Behavioral task: behavioral1
- Sample: INVOICE_MAR-74190-2024.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: INVOICE_MAR-74190-2024.exe
- Resource: win10v2004-20240226-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.thanhancompony.com
- Port: 587
- Username: [email protected]
- Password: aSkIhV^3
- Email To: [email protected]
Extracted
- Protocol: smtp
- Host: smtp.thanhancompony.com
- Port: 587
- Username: [email protected]
- Password: aSkIhV^3
Targets
- Target: INVOICE_MAR-74190-2024.exe
- Size: 708KB
- MD5: 526e0265490c2074f9987249452af0a1
- SHA1: 4c7d438ebd1c703d315ad6d81823c9e2fc5e843a
- SHA256: 29f111addb7b0ee4904137337352fe86d3ed557508820cabb875a53ef24a6394
- SHA512: d1fcac067acc40e687b6eff18993f71af809bffa0c558256676359152bbd17ef300b01d3bf76c8ae40c3b9f0aa5ee032cf3ead57bf40c0ce38c6c6b254c713dc
- SSDEEP: 12288:5CITHa5WB65wgIaWQrdeKMobaI2f1b0l0t8YyuF5bHKJ1tEM3H5iVCR:gyNB6SgpWyeKMox2N15JcJ1tEMJD
- Score: 10/10
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Suspicious use of SetThreadContext