General
-
Target
7de11f73a331d4b238991d2e845847eca225fe99f6c9eb7e46c73eac1d614064
-
Size
719KB
-
Sample
240426-clwc1ahb81
-
MD5
7d4355c001565e767b1d1da8a360acb5
-
SHA1
d7a78c5d402662691e0a3844730815dce6bb9096
-
SHA256
7de11f73a331d4b238991d2e845847eca225fe99f6c9eb7e46c73eac1d614064
-
SHA512
d0571263dc4f6cef01b50b9f518a69e53c699bfed14873fbe0b2d30fed6e6a75dfe861cb1bc424079c77b3e2d510784e26e3125bd83519b0dd48834b29c01bef
-
SSDEEP
12288:QfWYIPXjxannnHg2NbkpL9xY72zXwmYMMm98kJ7I6U6De2VifvL9Hk2dtJm243ry:QfWYIPFannnHg2NbU9sbq8kFUiofvhHv
Static task
static1
Behavioral task
behavioral1
Sample
7de11f73a331d4b238991d2e845847eca225fe99f6c9eb7e46c73eac1d614064.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
7de11f73a331d4b238991d2e845847eca225fe99f6c9eb7e46c73eac1d614064.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.probending.co.th
Port: 587
Username: sales@probending.co.th
Password: 9aglmaj6C5hF
Email To: quality@bspmetatech.com
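As an added example (not part of the sandbox report): a Python script that parses the extracted config block above, as the report prints it, into a typed record, emits the shareable network indicators without the mailbox credential, and runs them over a few constructed mail-gateway log lines. The log format, the internal source addresses and the field names are assumptions for illustration; only the config values come from the report.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# The "Malware Config / Extracted / agenttesla" block as the report prints it.
# Line breaks are layout only; fields are "Key: value" joined by " - ".
RAW_CONFIG = """Protocol: smtp- Host:
mail.probending.co.th - Port:
587 - Username:
sales@probending.co.th - Password:
9aglmaj6C5hF - Email To:
quality@bspmetatech.com"""

KEYS = ["Protocol", "Host", "Port", "Username", "Password", "Email To"]
_KEY_ALT = "|".join(re.escape(k) for k in KEYS)
# A value runs until the next " - Key:" delimiter (the dash may be glued to the
# value, as in "smtp-") or until the end of the text.
_FIELD_RE = re.compile(rf"(?P<key>{_KEY_ALT}):\s*(?P<val>.*?)(?=\s*-\s*(?:{_KEY_ALT}):|$)")


@dataclass(frozen=True)
class AgentTeslaSmtpConfig:
    protocol: str
    host: str
    port: int
    username: str
    password: str
    email_to: str


def parse_config(raw: str) -> AgentTeslaSmtpConfig:
    """Turn the report's flattened config text into a typed record."""
    flat = " ".join(raw.split())
    fields = {m.group("key"): m.group("val").strip() for m in _FIELD_RE.finditer(flat)}
    missing = [k for k in KEYS if k not in fields]
    if missing:
        raise ValueError(f"config block missing fields: {missing}")
    return AgentTeslaSmtpConfig(
        protocol=fields["Protocol"].lower(),
        host=fields["Host"].lower(),
        port=int(fields["Port"]),
        username=fields["Username"].lower(),
        password=fields["Password"],  # credential: handle as sensitive, keep out of IOC feeds
        email_to=fields["Email To"].lower(),
    )


def network_iocs(cfg: AgentTeslaSmtpConfig) -> Dict[str, str]:
    """Indicators safe to share: the exfil channel, never the password."""
    return {
        "exfil_host": cfg.host,
        "exfil_port": str(cfg.port),
        "sender_account": cfg.username,
        "drop_recipient": cfg.email_to,
    }


# Constructed mail-gateway / egress log lines for illustration (not from the report).
SAMPLE_LOGS = [
    "src=10.0.4.21 dsthost=mail.probending.co.th dport=587 smtp_user=sales@probending.co.th rcpt=quality@bspmetatech.com",
    "src=10.0.4.22 dsthost=smtp.office365.com dport=587 smtp_user=alice@example.com rcpt=bob@example.com",
    "src=10.0.4.23 dsthost=mail.probending.co.th dport=25 smtp_user=- rcpt=-",
]


def scan_logs(lines: List[str], cfg: AgentTeslaSmtpConfig) -> List[Tuple[str, List[str]]]:
    """Return (source address, reasons) for every line touching the extracted exfil channel."""
    hits = []
    for line in lines:
        f = dict(kv.split("=", 1) for kv in line.split())
        reasons = []
        if f.get("dsthost", "").lower() == cfg.host:
            reasons.append("exfil-host")
            if f.get("dport") == str(cfg.port):
                reasons.append("exfil-port")  # 587 alone is far too common to match on by itself
        if f.get("smtp_user", "").lower() == cfg.username:
            reasons.append("stolen-mailbox-auth")
        if f.get("rcpt", "").lower() == cfg.email_to:
            reasons.append("drop-recipient")
        if reasons:
            hits.append((f.get("src", "?"), reasons))
    return hits


if __name__ == "__main__":
    cfg = parse_config(RAW_CONFIG)
    print(network_iocs(cfg))
    for src, why in scan_logs(SAMPLE_LOGS, cfg):
        print(src, ",".join(why))
```

In AgentTesla campaigns the sending mailbox is commonly a compromised third-party account, so an `exfil-host` match on its own can fire on ordinary correspondence with that domain (the third sample line); the `stolen-mailbox-auth` and `drop-recipient` matches are the stronger signals. The credential belongs in a report to the mailbox owner, not in a shared indicator feed.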
Targets
-
Target
7de11f73a331d4b238991d2e845847eca225fe99f6c9eb7e46c73eac1d614064
-
AgentTesla
Agent Tesla is a .NET-based information stealer and remote access tool (RAT), originally written in Visual Basic .NET; it harvests credentials and keystrokes and exfiltrates them over channels such as SMTP, as the extracted config for this sample shows.
-
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext (typical of process hollowing, where the thread context of a suspended process is rewritten to execute injected code)
-
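The "Adds Run key to start application" signature above gives no key path or value name, so as an added example (not part of the sandbox report) here is a Python detector for that behaviour over Sysmon EventID 13 (registry value set) events. The key="value" rendering, the SIDs, the file paths and the value names in the sample events are all constructed for illustration; the Run/RunOnce key paths are the standard Windows autostart locations.

```python
import re
from typing import Dict, List, Optional, Tuple

# Autostart keys the "Adds Run key" signature refers to: per-user (HKU\<SID> or HKCU)
# and machine-wide Run / RunOnce, including the WOW6432Node view.
RUN_KEY_RE = re.compile(
    r"^(?:HKU\\[^\\]+|HKCU|HKLM)\\Software\\(?:Wow6432Node\\)?Microsoft\\Windows"
    r"\\CurrentVersion\\Run(?:Once)?\\[^\\]+$",
    re.IGNORECASE,
)
# Locations a legitimate installer rarely persists from or to; typical for droppers.
USER_WRITABLE_RE = re.compile(r"\\(?:AppData\\|Users\\Public\\|Temp\\|Downloads\\)", re.IGNORECASE)

# Constructed Sysmon EventID 13 events rendered as key="value" pairs (not from the report).
SAMPLE_EVENTS = [
    'EventID="13" Image="C:\\Users\\victim\\AppData\\Local\\Temp\\sample.exe" '
    'TargetObject="HKU\\S-1-5-21-1111-2222-3333-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\sample" '
    'Details="C:\\Users\\victim\\AppData\\Roaming\\sample\\sample.exe"',
    'EventID="13" Image="C:\\Program Files\\Vendor\\setup.exe" '
    'TargetObject="HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\VendorTray" '
    'Details="C:\\Program Files\\Vendor\\tray.exe"',
    'EventID="13" Image="C:\\Windows\\explorer.exe" '
    'TargetObject="HKU\\S-1-5-21-1111-2222-3333-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\RunMRU\\a" '
    'Details="calc"',
]


def parse_event(line: str) -> Dict[str, str]:
    """Parse one key="value" rendered event into a dict."""
    return dict(re.findall(r'(\w+)="([^"]*)"', line))


def classify(ev: Dict[str, str]) -> Optional[List[str]]:
    """Reasons an EventID 13 looks like Run-key persistence, or None if it is not one."""
    if ev.get("EventID") != "13":
        return None
    if not RUN_KEY_RE.match(ev.get("TargetObject", "")):
        return None
    reasons = ["run-key-write"]
    # Details holds the new value data, i.e. the command that will autostart.
    if USER_WRITABLE_RE.search(ev.get("Details", "")):
        reasons.append("autostart-target-user-writable")
    # Image is the process that wrote the value.
    if USER_WRITABLE_RE.search(ev.get("Image", "")):
        reasons.append("writer-from-user-writable")
    return reasons


def scan_events(lines: List[str]) -> List[Tuple[str, List[str]]]:
    """Return (registry value path, reasons) for every Run-key write in the input."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        reasons = classify(ev)
        if reasons:
            hits.append((ev["TargetObject"], reasons))
    return hits


if __name__ == "__main__":
    for target, why in scan_events(SAMPLE_EVENTS):
        print(target, ",".join(why))
```

A bare `run-key-write` is routine on a workstation (the second sample event is a vendor installer), so alert on the combination with a user-writable autostart target or writer; that pairing is what separates a dropper persisting from %AppData% or %Temp% from a normal installation.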