General
- Target: 0ac1fd14f91e1a8ba33c20c745227a42.bin
- Size: 627KB
- Sample: 240425-bc51eace47
- MD5: 41dfa863871029a8f713c36e28157b47
- SHA1: 045a0c556de8799d82bb46d2bb864c7c57a13eff
- SHA256: bb8ca12669d9d1f0a8279d866a94575d7574650c5febe65fbb99f9da7819a401
- SHA512: 9b2d7f26e0b29c5db07102f1ed7fd74d604e9b23495e4600ccbbb3d555e11c7e0314e7fe2f0be1e46fd8713774f05d3f35703010d7e20439e2e04884ff09c516
- SSDEEP: 12288:d1Ca+KNmH6uXhhwIPiVKJzp8QkHYw3bhp46tpw/+/pOwdL:d5+KNmHL9SKBGQwYey6rw/+/pOC
Static task: static1

Behavioral task: behavioral1
- Sample: 80c8ee15f76183a9f93327c7eb3e40a384ea744602aa14c2a2b4bc2476c11010.exe
- Resource: win7-20240221-en

Behavioral task: behavioral2
- Sample: 80c8ee15f76183a9f93327c7eb3e40a384ea744602aa14c2a2b4bc2476c11010.exe
- Resource: win10v2004-20240226-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.dzkraljevo.co.rs
- Port: 587
- Username: [email protected]
- Password: dz@kv123
- Email To: [email protected]
Targets
- Target: 80c8ee15f76183a9f93327c7eb3e40a384ea744602aa14c2a2b4bc2476c11010.exe
- Size: 824KB
- MD5: 0ac1fd14f91e1a8ba33c20c745227a42
- SHA1: 02ef317af2f717ef2a66a291a65b4ce413c57288
- SHA256: 80c8ee15f76183a9f93327c7eb3e40a384ea744602aa14c2a2b4bc2476c11010
- SHA512: 0e8531f43cd746ac2c2cab9d1d7852d531401ae4cef9f7c38a5975e3fa1a68d95d4d06b9ecc079a41e7e6e8c739d7e6b4314c82d3a088fc324a493be62e21499
- SSDEEP: 12288:6ZCLTMHf/pE+PBC3J4ysPPkazp2BuEJrRNEcJwkgKGTcf:6ZKMHJE+Po3JhUp0uEJrR3WkgI
Score: 10/10

Signatures
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Suspicious use of SetThreadContext