General
-
Target
b724752855a6406ad4925cb41112aecf.bin
-
Size
673KB
-
Sample
240327-ekae9afb9w
-
MD5
f702722e3c4404713cfd9142887fa33f
-
SHA1
b49acd0ad30895bcdee0cf30b8ca38adbcf9e6a7
-
SHA256
093232c9eb6ab3542e1981a221cc4e3d90c45c55a5557339531e8171b1c9e43b
-
SHA512
f93a3ada13f46745668e2a1c1c2f3471fc68b9946b0ff6af036a790fd0b2594e057383c4b5c996b09e069bb3693bee4298a048662be551e4c78c7d3af827ce25
-
SSDEEP
12288:71jQzQGIwHg1MSEYAD6aJwqDPcgLRWpbdIS/ArLTGZ07E8fW4EdvoPEa8:71j/UHQJEDxw3cUpbB/707Jk9oPEa8
Static task
static1
Behavioral task
behavioral1
Sample
7f7230e7228c5ddd4e0536f6401123cc6eb5f3a6b1fb05abdce2d664870b590b.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
7f7230e7228c5ddd4e0536f6401123cc6eb5f3a6b1fb05abdce2d664870b590b.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.jitmachineryservices.co.ke - Port:
587 - Username:
[email protected] - Password:
NyambuClaris21@2024 - Email To:
[email protected]
Extracted
Protocol: smtp- Host:
mail.jitmachineryservices.co.ke - Port:
587 - Username:
[email protected] - Password:
NyambuClaris21@2024
Targets
-
-
Target
7f7230e7228c5ddd4e0536f6401123cc6eb5f3a6b1fb05abdce2d664870b590b.exe
-
Size
720KB
-
MD5
b724752855a6406ad4925cb41112aecf
-
SHA1
7c9f7f93ffa91b8adb8d5b9d54d5273d249ab0b8
-
SHA256
7f7230e7228c5ddd4e0536f6401123cc6eb5f3a6b1fb05abdce2d664870b590b
-
SHA512
ff7c779f16ffe9072bf922b81cfd647e08252c58d5526eb280c8edc0be2a022a3a10ecea6bf45d2927959bb4de96b84c04adf28ae48a5134d063cc437b67947e
-
SSDEEP
12288:O4CMwLEQunS2vBq4CaS3yaBE235eicOFXbOrkC73QavZ3MKPjvKsIuGllA:mEz8DaS/xbOgWJvNMZsI7
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-