General
- Target: d4457b001ae6dec20cc5748290d9409751e4e1232fb4dbcf4c9612bb7883ef48
- Size: 644KB
- Sample: 240424-ch78dseb2z
- MD5: c2f4733fb9ba1df18b2beea15fd0b26d
- SHA1: e9c3d0d0ced40d9138757d701d4fa89cc32687e1
- SHA256: d4457b001ae6dec20cc5748290d9409751e4e1232fb4dbcf4c9612bb7883ef48
- SHA512: 6db58d650a7183a248fdff0bb5e67d4b188e7c57d5b1fafcda58f9a49fa2272a5d98e1e25d2fd8ba3fc11d1c3b0cc12d854877e53d81c4aa10a38418f2530fdd
- SSDEEP: 12288:AmNZRAjjvsTw4XrgKxoqd7OIW7iN6l0BR2kNUrBOvWTB4dd:/lM54XrgKrIImhluRoY+yd
Static task
- static1

Behavioral task
- behavioral1
  - Sample: d4457b001ae6dec20cc5748290d9409751e4e1232fb4dbcf4c9612bb7883ef48.exe
  - Resource: win7-20240220-en

Behavioral task
- behavioral2
  - Sample: d4457b001ae6dec20cc5748290d9409751e4e1232fb4dbcf4c9612bb7883ef48.exe
  - Resource: win10v2004-20240412-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.satsllc.ae
- Port: 587
- Username: [email protected]
- Password: Ahsan@12345
- Email To: [email protected]
Targets
- Target: d4457b001ae6dec20cc5748290d9409751e4e1232fb4dbcf4c9612bb7883ef48
- Score: 10/10
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext