General
Target: 3009aee6f49e882e9f60bd0ed1063ce47225b88c0fc1a51a1b695e086b915d20
Size: 662KB
Sample: 240330-bezw6sde3y
MD5: 349f17dbbb946bf88f86441a35ab8561
SHA1: c40216c6f241044260bc8a3e0501645a33a7aad8
SHA256: 3009aee6f49e882e9f60bd0ed1063ce47225b88c0fc1a51a1b695e086b915d20
SHA512: ee7cbd7240e7440f22e32b920479e955a2fcedd39c8548eb25b71a5540c216472c9d025f92a8fcb6b557df94c0ea6af910f0515db1d67c364110a2aa1a855eac
SSDEEP: 12288:vH2iNlw0i3nXIUjDYxIgCW3GQVKSUffm4LQ+B7sDisNdqcf:f1X4ndvyiW3GMKvr8Y78il
Static task: static1
Behavioral task: behavioral1
  Sample: 3009aee6f49e882e9f60bd0ed1063ce47225b88c0fc1a51a1b695e086b915d20.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 3009aee6f49e882e9f60bd0ed1063ce47225b88c0fc1a51a1b695e086b915d20.exe
  Resource: win10v2004-20240226-en
Malware Config
Extracted
  Protocol: smtp
  Host: mail.cade.ro
  Port: 587
  Username: [email protected]
  Password: _5h))*rQ]Yhs
Extracted (agenttesla)
  Protocol: smtp
  Host: mail.cade.ro
  Port: 587
  Username: [email protected]
  Password: _5h))*rQ]Yhs
  Email To: [email protected]
Targets
Target: 3009aee6f49e882e9f60bd0ed1063ce47225b88c0fc1a51a1b695e086b915d20
Size: 662KB
MD5: 349f17dbbb946bf88f86441a35ab8561
SHA1: c40216c6f241044260bc8a3e0501645a33a7aad8
SHA256: 3009aee6f49e882e9f60bd0ed1063ce47225b88c0fc1a51a1b695e086b915d20
SHA512: ee7cbd7240e7440f22e32b920479e955a2fcedd39c8548eb25b71a5540c216472c9d025f92a8fcb6b557df94c0ea6af910f0515db1d67c364110a2aa1a855eac
SSDEEP: 12288:vH2iNlw0i3nXIUjDYxIgCW3GQVKSUffm4LQ+B7sDisNdqcf:f1X4ndvyiW3GMKvr8Y78il
Score: 10/10
Signatures
AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP address.
Suspicious use of SetThreadContext