General
- Target: d8b23244597e60597eb5359b26b92bdb3ab1359985da190c5852fc824038f15a
- Size: 716KB
- Sample: 240328-bycwracf7s
- MD5: fb83c76a5af6949dde65a8adaa264124
- SHA1: 8ffcefa0cc22d36de8edb559424674cb9bf88617
- SHA256: d8b23244597e60597eb5359b26b92bdb3ab1359985da190c5852fc824038f15a
- SHA512: 9e4645b06ecf75943c0b1e94d7bfc6d4ecfdc4b0f264ca9a3f571c7be00811c6b9bdf37ef21a3585390a23ab99216a3725dcfb67aa85f87519779e07f1a40701
- SSDEEP: 12288:SFoO3mVQxbmbYwptvJVsVI1SVCPBZKoNgKa5PoCDQXTDaIYgL0k:ShTxlct7A8+CZZKDwHHaI
Static task: static1

Behavioral task: behavioral1
- Sample: d8b23244597e60597eb5359b26b92bdb3ab1359985da190c5852fc824038f15a.exe
- Resource: win7-20240221-en

Behavioral task: behavioral2
- Sample: d8b23244597e60597eb5359b26b92bdb3ab1359985da190c5852fc824038f15a.exe
- Resource: win10v2004-20231215-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.horizongroup.com.bd
- Port: 587
- Username: [email protected]
- Password: horizon@%%%5
- Email To: [email protected]
Targets
- Target: d8b23244597e60597eb5359b26b92bdb3ab1359985da190c5852fc824038f15a
- Score: 10/10

Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext