General
Target: 86f85abee63662e5742279ebfa8e1a9e99452f98bf5142fd55f413213e025d88
Size: 659KB
Sample: 240408-bll9nacc6t
MD5: ee70aed5ac8a8b8273ca1b6ee4e6ffd2
SHA1: 0acd26a29f2b22958de7a3591f512f6f827eec42
SHA256: 86f85abee63662e5742279ebfa8e1a9e99452f98bf5142fd55f413213e025d88
SHA512: 065c72c068866c1b6b866346c3e66a13ff2f6b99590db4ce9473fa15d4c78df98c61570277e84e4cb2b58d705c4ddcb659ecdeb7377cd0cffc2f696df8e447c7
SSDEEP: 12288:2CUHcUOJOU9zJxO6N5iRi5sP7dNQN+vvHdKrOTryTkR:sHFOoAOmSQK8rOTmG
Static task: static1
Behavioral task: behavioral1
  Sample: 86f85abee63662e5742279ebfa8e1a9e99452f98bf5142fd55f413213e025d88.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 86f85abee63662e5742279ebfa8e1a9e99452f98bf5142fd55f413213e025d88.exe
  Resource: win10v2004-20240226-en
Malware Config
Extracted
  Protocol: smtp
  Host: mail.top1stores.com
  Port: 587
  Username: [email protected]
  Password: bns101010
Extracted (agenttesla)
  Protocol: smtp
  Host: mail.top1stores.com
  Port: 587
  Username: [email protected]
  Password: bns101010
  Email To: [email protected]
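The extracted SMTP configuration is the most actionable part of this report: Agent Tesla logs in to the configured mailbox and mails stolen data to the "Email To" address, so the account, recipient and port turn directly into hunt logic. The following added example (not part of the sandbox report or of Agent Tesla) parses the report's "Key: value - Key: value" config line into a structure and runs it over a few constructed Zeek-style smtp.log records. The mailbox addresses are redacted on the page as "[email protected]", so the example keeps that placeholder verbatim instead of guessing; the log records, IP addresses and timestamps are constructed.

```python
import json
from dataclasses import dataclass
from typing import Optional

# Constructed copy of the agenttesla config line in the layout the report uses.
# The mailbox is redacted on the page; "[email protected]" is kept as-is.
EXTRACTED_CONFIG = (
    "Protocol: smtp- Host: mail.top1stores.com - Port: 587 - Username: "
    "[email protected] - Password: bns101010 - Email To: [email protected]"
)

# Constructed Zeek-style smtp.log records (JSON lines), not from the page.
# Two records come from the same host and use the C2 mailbox; one is benign.
SAMPLE_SMTP_LOG = """
{"ts": 1712540000.1, "id.orig_h": "10.0.0.23", "id.resp_h": "203.0.113.10", "id.resp_p": 587, "mailfrom": "[email protected]", "rcptto": ["[email protected]"], "tls": true}
{"ts": 1712540010.5, "id.orig_h": "10.0.0.40", "id.resp_h": "198.51.100.5", "id.resp_p": 587, "mailfrom": "alice@example.org", "rcptto": ["bob@example.org"], "tls": true}
{"ts": 1712540020.9, "id.orig_h": "10.0.0.23", "id.resp_h": "203.0.113.10", "id.resp_p": 587, "mailfrom": "[email protected]", "rcptto": ["[email protected]"], "tls": true}
"""


@dataclass
class SmtpExfilConfig:
    host: str
    port: int
    username: str
    password: str
    email_to: Optional[str] = None


def parse_extracted_config(text: str) -> SmtpExfilConfig:
    """Parse the report's 'Key: value - Key: value' line into a config object."""
    # The report glues "smtp" to the following separator ("smtp- Host:");
    # normalise it so every field is delimited by " - ".
    text = text.replace("smtp- Host:", "smtp - Host:")
    fields = {}
    for chunk in text.split(" - "):
        key, _, value = chunk.partition(":")
        fields[key.strip().lower()] = value.strip()
    if fields.get("protocol") != "smtp":
        raise ValueError("only SMTP exfiltration configs are handled here")
    return SmtpExfilConfig(
        host=fields["host"],
        port=int(fields["port"]),
        username=fields["username"],
        password=fields["password"],
        email_to=fields.get("email to"),
    )


def indicators(cfg: SmtpExfilConfig) -> dict:
    """Network indicators a hunter would push to DNS, proxy and mail telemetry."""
    return {
        "dns_query": cfg.host,
        "dst_port": cfg.port,
        "smtp_mailfrom": cfg.username,
        "smtp_rcptto": cfg.email_to,
    }


def hunt_smtp_log(cfg: SmtpExfilConfig, log_text: str) -> list:
    """Return records whose sender or recipient is the C2 mailbox on the C2 port."""
    hits = []
    for line in log_text.strip().splitlines():
        rec = json.loads(line)
        reasons = []
        if rec.get("mailfrom") == cfg.username:
            reasons.append("mailfrom is the configured exfil account")
        if cfg.email_to and cfg.email_to in rec.get("rcptto", []):
            reasons.append("rcptto is the configured Email To address")
        # Port alone is too weak (587 is normal submission traffic), so it
        # only confirms a mailbox match rather than triggering by itself.
        if reasons and rec.get("id.resp_p") == cfg.port:
            hits.append({"ts": rec["ts"], "src": rec["id.orig_h"],
                         "dst": rec["id.resp_h"], "reasons": reasons})
    return hits


if __name__ == "__main__":
    cfg = parse_extracted_config(EXTRACTED_CONFIG)
    print(indicators(cfg))
    for hit in hunt_smtp_log(cfg, SAMPLE_SMTP_LOG):
        print(hit)
```

Matching on the mailbox rather than on port 587 alone matters in practice: submission traffic to a hosting provider's mail server is common, and the host name never appears in smtp.log, so `dns_query` is the indicator to pivot on in DNS telemetry while the account and recipient are what single out the exfil sessions.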
Targets
Target: 86f85abee63662e5742279ebfa8e1a9e99452f98bf5142fd55f413213e025d88 (hashes as listed under General)
AgentTesla
Agent Tesla is a .NET-based information stealer and remote access tool (RAT); this sample exfiltrates over SMTP using the mail account and recipient extracted above.
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence so the sample can refuse to run in certain regions.
Adds Run key to start application
Persistence via a Run registry key, so the sample is relaunched at logon.
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP; the request looks benign on its own, so treat it as a weak indicator that is only meaningful alongside the others.
Suspicious use of SetThreadContext
Calling SetThreadContext on a thread of another process is characteristic of process hollowing (RunPE-style injection), which Agent Tesla builds commonly use to run the decrypted payload inside a legitimate process.