General
-
Target
5a74ebfda8a42bb7057414bc3f9248d7b199e409fdf87412724774e7c027de6e
-
Size
731KB
-
Sample
240426-cj863shb8s
-
MD5
5a072d7b9b68b811c0a25a97f243da20
-
SHA1
25c4e8c956a0a103b15a0b8738d363df17ad1ecd
-
SHA256
5a74ebfda8a42bb7057414bc3f9248d7b199e409fdf87412724774e7c027de6e
-
SHA512
dbfb38104cef3f589e613ced5324ed6b28b0dbe80d7354ab4e934f9efd420ee313fff09a9da2fb0ef17845e9ef23c1f20bbf70facc864303a5844e66e8822474
-
SSDEEP
12288:yWYIPXjxannnHg26Cu1rX86rxiG2hGZRgaWS1y8zLluAf4lp8cagBfrdiBXkR:yWYIPFannnHg2a1X86rx5ZRvr/FujpRp
Static task
static1
Behavioral task
behavioral1
Sample
5a74ebfda8a42bb7057414bc3f9248d7b199e409fdf87412724774e7c027de6e.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
5a74ebfda8a42bb7057414bc3f9248d7b199e409fdf87412724774e7c027de6e.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.alwayssafepackers.com
Port: 587
Username: info@alwayssafepackers.com
Password: packersafe@123
Email To: euroxnt3@mail.com
Targets
-
Target
5a74ebfda8a42bb7057414bc3f9248d7b199e409fdf87412724774e7c027de6e
-
Size
731KB
-
MD5
5a072d7b9b68b811c0a25a97f243da20
-
SHA1
25c4e8c956a0a103b15a0b8738d363df17ad1ecd
-
SHA256
5a74ebfda8a42bb7057414bc3f9248d7b199e409fdf87412724774e7c027de6e
-
SHA512
dbfb38104cef3f589e613ced5324ed6b28b0dbe80d7354ab4e934f9efd420ee313fff09a9da2fb0ef17845e9ef23c1f20bbf70facc864303a5844e66e8822474
-
SSDEEP
12288:yWYIPXjxannnHg26Cu1rX86rxiG2hGZRgaWS1y8zLluAf4lp8cagBfrdiBXkR:yWYIPFannnHg2a1X86rx5ZRvr/FujpRp
Score: 10/10
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext