General
- Target: 5be340d65a1b4453d842b2b647be83ad9940bdbe7609585deb17d8b1c3ef9fbd
- Size: 792KB
- Sample: 240330-bwst7aea6x
- MD5: 0c293a861631332fc73ad5599a79e09d
- SHA1: de6e9960ad9ce736d87e984efb8ed15672ecc6e2
- SHA256: 5be340d65a1b4453d842b2b647be83ad9940bdbe7609585deb17d8b1c3ef9fbd
- SHA512: 577c11dc936c02c01515f8c3345f6b0d47526f0a0205c4df8fa3edc4c1b381d40fb63c1887d760e9ce59bc93496fc94591a27f5129bd5d01769e21d57d9238bf
- SSDEEP: 12288:u+NJin8hit7pYdk4KYJhkyIqYzMbrKs0mpnOo36GGrrgX/l0SbyVBBDVZkR:rJWSUY+Khr72UrjOe6EdeBBq
Static task: static1
Behavioral task: behavioral1
- Sample: 5be340d65a1b4453d842b2b647be83ad9940bdbe7609585deb17d8b1c3ef9fbd.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 5be340d65a1b4453d842b2b647be83ad9940bdbe7609585deb17d8b1c3ef9fbd.exe
- Resource: win10v2004-20240226-en
Malware Config
Extracted
agenttesla
- Protocol: smtp
- Host: mail.scgpl.in
- Port: 587
- Username: [email protected]
- Password: $Hetvishwa5271@djd
- Email To: [email protected]
Extracted
- Protocol: smtp
- Host: mail.scgpl.in
- Port: 587
- Username: [email protected]
- Password: $Hetvishwa5271@djd
Targets
- Target: 5be340d65a1b4453d842b2b647be83ad9940bdbe7609585deb17d8b1c3ef9fbd
- Size: 792KB
- MD5: 0c293a861631332fc73ad5599a79e09d
- SHA1: de6e9960ad9ce736d87e984efb8ed15672ecc6e2
- SHA256: 5be340d65a1b4453d842b2b647be83ad9940bdbe7609585deb17d8b1c3ef9fbd
- SHA512: 577c11dc936c02c01515f8c3345f6b0d47526f0a0205c4df8fa3edc4c1b381d40fb63c1887d760e9ce59bc93496fc94591a27f5129bd5d01769e21d57d9238bf
- SSDEEP: 12288:u+NJin8hit7pYdk4KYJhkyIqYzMbrKs0mpnOo36GGrrgX/l0SbyVBBDVZkR:rJWSUY+Khr72UrjOe6EdeBBq
Score: 10/10
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext