General
-
Target
9af4382caf6b56756c49ecc8a988fcc676d1bc75666f17473c0bf68235651c24
-
Size
755KB
-
Sample
240328-b3fs7scg2v
-
MD5
96ebbff09c0b9f4e0d3508f2b311c982
-
SHA1
b915f7a05de55d67e0354594e857f432a427011c
-
SHA256
9af4382caf6b56756c49ecc8a988fcc676d1bc75666f17473c0bf68235651c24
-
SHA512
2205ff9eb1be931856d6064aaad498b57d3eaf8af86378248c912732b2e204d98ac017414b0b9dbd78633fbbf70701e0efc54e15c7f9ff8c25ca4c683609a4c1
-
SSDEEP
12288:jCMx6a5WnpgxSu2ZKDYC51xuAcRczjXWXwZitVSBeq9x/8X/HLckR:uMxenMx2UT4czjUUitxq9x/8v3
Static task
static1
Behavioral task
behavioral1
Sample
9af4382caf6b56756c49ecc8a988fcc676d1bc75666f17473c0bf68235651c24.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
9af4382caf6b56756c49ecc8a988fcc676d1bc75666f17473c0bf68235651c24.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.outlook.com
Port: 587
Username: mytime2024mytime@outlook.com
Password: King2020king
Email To: mytime2024mytime@outlook.com
Targets
Score
10/10
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-