General
Target: 350fee444e2e7bb7924093b3c57ce9cbb8d6810a3dc4af17a971739ccf05f9fb.rar
Size: 551KB
Sample: 240424-bmfs9sde31
MD5: 273f408ef2a992ea7bd25b563526c6de
SHA1: bfca9db78d9678b3d7c2b953613f040af4ea68db
SHA256: 350fee444e2e7bb7924093b3c57ce9cbb8d6810a3dc4af17a971739ccf05f9fb
SHA512: 74bf6eadf2a8a96fa1cda7a23848424af17d784a30ba91065a1bb33c011c664748c144c0715ead19c58a07dc6f7550b83d1258a7b41a960abc7e452edbfdf1bf
SSDEEP: 12288:6lOmXwM+MsmpDK1vvnsDSHQIDcRXnghijB/HaKGQ+CqC6e1192:DSwMOuKvvsDSwOughiNvVRqCp1e
Static task: static1
Behavioral task: behavioral1
  Sample: PO82100088.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: PO82100088.exe
  Resource: win10v2004-20240412-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.mbarieservicesltd.com
Port: 587
Username: [email protected]
Password: *o9H+18Q4%;M
Email To: [email protected]
Targets
Target: PO82100088.exe
Size: 568KB
MD5: cdabc5342191cc7423fabc6038eb180d
SHA1: 7b2641cf0dae1cc1da54218bcd6b2a066c491c39
SHA256: 5c08922622153fcfa1cf05af7f0bdf474c6f9990c4f529742516a03362675cc0
SHA512: 6ec7218f70c13638d23228736c3aedf62f7206f07c1b56d6bba273d3ec10eda6ff153f4d5f44ccaf3a9bb39a3d492a9ef45072c40970a1d7aa8211bd130875d9
SSDEEP: 12288:IcK1qNZRAucPPVeFfV8pC3WosUgLhkVr100kmRmyMXtTd:tlXcPPVMfi0s7o0LmRNM9Td
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Detect packed .NET executables. Mostly AgentTeslaV4.
- Checks computer location settings
  Looks up the country code configured in the registry, likely used as a geofence.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext