General
-
Target
bef2bb78ec1aeb4d981cd5819d54393d413a857fd8c670336ad37678157448e7
-
Size
772KB
-
Sample
240425-cpdmcsdf9y
-
MD5
7038d4d98c3b6f090f3256741222a8cb
-
SHA1
fc5728d10ce29f7c5255b5cc6f9c8f9010f3783f
-
SHA256
bef2bb78ec1aeb4d981cd5819d54393d413a857fd8c670336ad37678157448e7
-
SHA512
cf1a435264ddc43bd938ef13d834282732fde5fe2d1ad7de97bd5d2202db00e99967c331d663098367f158a83b5eb76b9e8d90fba7b6b5b033d93e0259c91d32
-
SSDEEP
12288:TF2iNNt6DUTPle1gkFi3+K7WCKHlVPGfJlD9YHnx5X7s2neqealv312Z3Q:TF1wee1gR3baCIP0JwnPs2eCJ312ZQ
Static task
static1
Behavioral task
behavioral1
Sample
bef2bb78ec1aeb4d981cd5819d54393d413a857fd8c670336ad37678157448e7.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
bef2bb78ec1aeb4d981cd5819d54393d413a857fd8c670336ad37678157448e7.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.nizagorjemalo.hr - Port:
587 - Username:
[email protected] - Password:
Extreme192 - Email To:
[email protected]
Targets
-
-
Target
bef2bb78ec1aeb4d981cd5819d54393d413a857fd8c670336ad37678157448e7
-
Size
772KB
-
MD5
7038d4d98c3b6f090f3256741222a8cb
-
SHA1
fc5728d10ce29f7c5255b5cc6f9c8f9010f3783f
-
SHA256
bef2bb78ec1aeb4d981cd5819d54393d413a857fd8c670336ad37678157448e7
-
SHA512
cf1a435264ddc43bd938ef13d834282732fde5fe2d1ad7de97bd5d2202db00e99967c331d663098367f158a83b5eb76b9e8d90fba7b6b5b033d93e0259c91d32
-
SSDEEP
12288:TF2iNNt6DUTPle1gkFi3+K7WCKHlVPGfJlD9YHnx5X7s2neqealv312Z3Q:TF1wee1gR3baCIP0JwnPs2eCJ312ZQ
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-