General
-
Target
14a7dbc524ff90ed059e716fffdc071cc97d770901f80bb11d4bee5aace67fde
-
Size
797KB
-
Sample
240425-b63gdadc4x
-
MD5
41a86b771c2ba734138fd135292e31e6
-
SHA1
34604125a46c0e22059cc6ec10b1d0f764a927b9
-
SHA256
14a7dbc524ff90ed059e716fffdc071cc97d770901f80bb11d4bee5aace67fde
-
SHA512
ff69b42311e17a00308b364c2923c35873c7e4a02edaf7414fea21596661c640fe8cc0ad94ee41677d0c304e0f1b05ca3df9ce844dc221855cfe69699fcef10d
-
SSDEEP
12288:IU2iNCDIQgiyFDqdiu41+IV+6PBjSGove5M45WXhZb2flv312Z3+qkR:IU1s4FDqdr41hV+6PiWf+6fJ312Z+p
Static task
static1
Behavioral task
behavioral1
Sample
14a7dbc524ff90ed059e716fffdc071cc97d770901f80bb11d4bee5aace67fde.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
14a7dbc524ff90ed059e716fffdc071cc97d770901f80bb11d4bee5aace67fde.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
Protocol: smtp- Host:
mail.incomeelectrix.com - Port:
587 - Username:
[email protected] - Password:
tao2012
Extracted
agenttesla
Protocol: smtp- Host:
mail.incomeelectrix.com - Port:
587 - Username:
[email protected] - Password:
tao2012 - Email To:
[email protected]
Targets
-
-
Target
14a7dbc524ff90ed059e716fffdc071cc97d770901f80bb11d4bee5aace67fde
-
Size
797KB
-
MD5
41a86b771c2ba734138fd135292e31e6
-
SHA1
34604125a46c0e22059cc6ec10b1d0f764a927b9
-
SHA256
14a7dbc524ff90ed059e716fffdc071cc97d770901f80bb11d4bee5aace67fde
-
SHA512
ff69b42311e17a00308b364c2923c35873c7e4a02edaf7414fea21596661c640fe8cc0ad94ee41677d0c304e0f1b05ca3df9ce844dc221855cfe69699fcef10d
-
SSDEEP
12288:IU2iNCDIQgiyFDqdiu41+IV+6PBjSGove5M45WXhZb2flv312Z3+qkR:IU1s4FDqdr41hV+6PiWf+6fJ312Z+p
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-