General
- Target: f8e6583d8b52b95801109030c4b4479ee0d085f781e0efd985d8abdf24919f9d
- Size: 980KB
- Sample: 240425-c77m6adh56
- MD5: a3f8fc485938b85b20d0d72daf006db5
- SHA1: b72e5c0c9463577a2dfe815fd76b6448ee999d4a
- SHA256: f8e6583d8b52b95801109030c4b4479ee0d085f781e0efd985d8abdf24919f9d
- SHA512: 3fdf772c948fa0f2bf67be37e2583ed0f692545c50a07172140472f838df7ed5dc671adc4ce64d658b29194a116f0a298ca959bf720f9a3f0a6a2b574f1cd01b
- SSDEEP: 24576:4K17srDOgLqWs7Gn7f97jKx2J312Z4fJYOW:F0OgGZ7GnTxmYJl2EJYO
Static task: static1
Behavioral task: behavioral1
- Sample: f8e6583d8b52b95801109030c4b4479ee0d085f781e0efd985d8abdf24919f9d.exe
- Resource: win7-20240220-en
Behavioral task: behavioral2
- Sample: f8e6583d8b52b95801109030c4b4479ee0d085f781e0efd985d8abdf24919f9d.exe
- Resource: win10v2004-20240412-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: pro56.emailserver.vn
- Port: 587
- Username: [email protected]
- Password: techlink@123
- Email To: [email protected]
Targets
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings: Looks up the country code configured in the registry, likely for geofencing.
- Adds Run key to start application
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext