General
Target: 77240f128f1bc134d37049e3885be91224e7314f127e253db534b667ad5bb7f7
Size: 900KB
Sample: 240328-b31tdaad76
MD5: 6ec0abebef7ba50b0875e8279e2261e6
SHA1: b2d2801d8313d006301d3d0c733c0cf9c4f5ca53
SHA256: 77240f128f1bc134d37049e3885be91224e7314f127e253db534b667ad5bb7f7
SHA512: 4d957f94258b4f18712b98e9b240a3af525e534d59e05f644733d2bc276ab0e8dc118ae3fb2b7499b060e5b21b852458cc539129afa50ad6bf3a16d324403a17
SSDEEP: 24576:BwjFrqN2Tdp7BmyN+0U7kWVv4+IF6nnjqKoe:WjBg2RHkPzy+LjqKoe
Static task
static1
Behavioral task
behavioral1
Sample: 77240f128f1bc134d37049e3885be91224e7314f127e253db534b667ad5bb7f7.exe
Resource: win7-20240221-en
Behavioral task
behavioral2
Sample: 77240f128f1bc134d37049e3885be91224e7314f127e253db534b667ad5bb7f7.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.cherubimsecurityforce.com
Port: 587
Username: info@cherubimsecurityforce.com
Password: alwarpet538
Email To: info@cherubimsecurityforce.com
Extracted
Protocol: smtp
Host: mail.cherubimsecurityforce.com
Port: 587
Username: info@cherubimsecurityforce.com
Password: alwarpet538
Targets
Target: 77240f128f1bc134d37049e3885be91224e7314f127e253db534b667ad5bb7f7
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence.
Suspicious use of SetThreadContext