General
Target: 93bd9b640db01eeb79fea8c0b4840ba70d58aa03c2c2274af72e0ee2c838ad1d
Size: 719KB
Sample: 240426-cny7nshb91
MD5: 2913e5ff6130b0bd4dfe91b961342ddc
SHA1: 18b716c46e6d8088bcceea6080f5efbc6995f46e
SHA256: 93bd9b640db01eeb79fea8c0b4840ba70d58aa03c2c2274af72e0ee2c838ad1d
SHA512: cc99e8485ab20e329533ca83254d00b7045e42ea0877fe05e320cfcbed3b66885e99b73f7cbb84c02fdb35999d4019fbae1810a8e4c52e71f64c91ea4b018562
SSDEEP: 12288:IWYIPXjxannnHg2TjQXJ/YmJclIGUX1gjtqGNcSzMq3mttUZgU2f4FVsWnpfkR:IWYIPFannnHg2Q5/Ym9GUFgjmSzMqGrR
Static task: static1
Behavioral task: behavioral1
  Sample: 93bd9b640db01eeb79fea8c0b4840ba70d58aa03c2c2274af72e0ee2c838ad1d.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 93bd9b640db01eeb79fea8c0b4840ba70d58aa03c2c2274af72e0ee2c838ad1d.exe
  Resource: win10v2004-20240412-en
Malware Config
Extracted
Family: agenttesla
Protocol: smtp
Host: mail.alitextile.com
Port: 587
Username: 9@alitextile.com
Password: Myname321@
Email To: 99patrick@alitextile.com
Extracted
Protocol: smtp
Host: mail.alitextile.com
Port: 587
Username: 9@alitextile.com
Password: Myname321@
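The two extracted blocks above describe the same SMTP drop: the sample authenticates to mail.alitextile.com on port 587 as 9@alitextile.com and mails stolen data to 99patrick@alitextile.com. The script below is an added example, not part of the sandbox's own tooling: it parses the config text exactly as the report prints it (including the run-together "smtp- Host:" form), merges the two blocks, emits hunting indicators, and runs them over a few constructed firewall-style log lines whose format is an assumption.

```python
"""Added example: turn the SMTP exfiltration config extracted from this Agent
Tesla sample into indicators and match them against constructed log lines.
Not part of the sandbox report; the log line format is an assumption."""
import re

# The two "Extracted" blocks from the report, joined back onto one line each.
EXTRACTED_CONFIGS = [
    "Protocol: smtp - Host: mail.alitextile.com - Port: 587 - Username: 9@alitextile.com"
    " - Password: Myname321@ - Email To: 99patrick@alitextile.com",
    "Protocol: smtp - Host: mail.alitextile.com - Port: 587 - Username: 9@alitextile.com"
    " - Password: Myname321@",
]

# Split only on "-" separators that are followed by a "Key:" label, so the
# report's run-together "smtp- Host:" variant parses the same as "smtp - Host:".
_FIELD_SEP = re.compile(r"\s*-\s*(?=[A-Za-z][A-Za-z ]*:)")


def parse_config(text):
    """Return the config as a dict with lowercased keys ('host', 'port', 'email to', ...)."""
    fields = {}
    for token in _FIELD_SEP.split(text.strip()):
        key, sep, value = token.partition(":")
        if sep:
            fields[key.strip().lower()] = value.strip()
    return fields


def merge_configs(texts):
    """Collapse blocks that share (protocol, host, port, username); union their recipients."""
    merged = {}
    for text in texts:
        cfg = parse_config(text)
        key = (cfg.get("protocol"), cfg.get("host"), cfg.get("port"), cfg.get("username"))
        entry = merged.setdefault(key, {**cfg, "recipients": set()})
        if "email to" in cfg:
            entry["recipients"].add(cfg["email to"])
    return list(merged.values())


def indicators(configs):
    """Hunting indicators; the drop mailbox is worth its own alert even if the host moves."""
    iocs = []
    for cfg in configs:
        iocs.append(("network", f"{cfg['host']}:{cfg['port']}"))
        iocs.append(("smtp-auth-user", cfg["username"]))
        for rcpt in sorted(cfg["recipients"]):
            iocs.append(("smtp-rcpt", rcpt))
    return iocs


# Constructed firewall-style log lines (assumed format, not taken from the report).
SAMPLE_LOG = """\
2024-04-26T10:01:12Z src=10.10.4.21 dst=mail.alitextile.com dport=587 proto=tcp
2024-04-26T10:01:13Z src=10.10.4.21 dst=api.example.net dport=443 proto=tcp
2024-04-26T10:02:40Z src=10.10.4.22 dst=mail.corp.example dport=587 proto=tcp
2024-04-26T10:03:05Z src=10.10.4.21 dst=mail.alitextile.com dport=25 proto=tcp
"""

_LOG_RE = re.compile(r"src=(\S+) dst=(\S+) dport=(\d+)")


def match_log(log_text, configs, strict_port=True):
    """Return (timestamp, src, dst, dport) for lines hitting a configured host.

    With strict_port=True the destination port must match the config too;
    with strict_port=False any port to the drop host is reported, which
    also catches the line where the host is contacted on 25 instead of 587.
    """
    targets = {(cfg["host"], cfg["port"]) for cfg in configs}
    hosts = {host for host, _ in targets}
    hits = []
    for line in log_text.splitlines():
        m = _LOG_RE.search(line)
        if not m:
            continue
        dst, dport = m.group(2), m.group(3)
        if (dst, dport) in targets or (not strict_port and dst in hosts):
            hits.append((line.split()[0],) + m.groups())
    return hits


if __name__ == "__main__":
    cfgs = merge_configs(EXTRACTED_CONFIGS)
    for kind, value in indicators(cfgs):
        print(f"{kind:15} {value}")
    for hit in match_log(SAMPLE_LOG, cfgs, strict_port=False):
        print("HIT", hit)
```

The password is parsed because it is part of the config, but it is deliberately not emitted as an indicator: do not log in to the drop mailbox to "verify" it, since that both touches the attacker's infrastructure and risks the account of the compromised third-party domain; report the abuse to the mail provider instead.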
Targets
Target: 93bd9b640db01eeb79fea8c0b4840ba70d58aa03c2c2274af72e0ee2c838ad1d
Size: 719KB
MD5: 2913e5ff6130b0bd4dfe91b961342ddc
SHA1: 18b716c46e6d8088bcceea6080f5efbc6995f46e
SHA256: 93bd9b640db01eeb79fea8c0b4840ba70d58aa03c2c2274af72e0ee2c838ad1d
SHA512: cc99e8485ab20e329533ca83254d00b7045e42ea0877fe05e320cfcbed3b66885e99b73f7cbb84c02fdb35999d4019fbae1810a8e4c52e71f64c91ea4b018562
SSDEEP: 12288:IWYIPXjxannnHg2TjQXJ/YmJclIGUX1gjtqGNcSzMq3mttUZgU2f4FVsWnpfkR:IWYIPFannnHg2Q5/Ym9GUFgjmSzMqGrR
Score: 10/10
AgentTesla
Agent Tesla is a .NET-based remote access trojan and credential stealer; early versions were written in Visual Basic .NET. It harvests saved browser, mail and FTP client credentials and keystrokes and exfiltrates them, in this sample over SMTP using the mail account in the extracted config.
Checks computer location settings
Reads the country code configured in the registry, most likely to geofence execution to or away from particular countries.
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP, which Agent Tesla commonly includes in the stolen-data report it sends.
Suspicious use of SetThreadContext
The sample modifies the execution context of a thread in another process, the step that process hollowing and related injection techniques use to redirect a suspended process to injected code.