General
Target: a8b349b432322e5f0e8d12ad970b004588bdeed74c7706d472b54bb30d8d0c72
Size: 704KB
Sample: 240426-cqm77ahc2y
MD5: c20c7cb88c595e0b353ff7e9df982635
SHA1: 6670ecb1421dc88691801d629b470646c9853e23
SHA256: a8b349b432322e5f0e8d12ad970b004588bdeed74c7706d472b54bb30d8d0c72
SHA512: 5e9bf06454d1361581f2f25ffe94f940012dc73bcfc008c1badf4c8a7d9e33839f731c187fa6a9a29f05f26d0822eead08707af6e09e7d9c7d48fdda04be1615
SSDEEP: 12288:wWYIPXjxannnHg2vokpbGPAR0dncI/GVHBuUx1xHaSoJXmYx/hWt1NFu6FsVGaE:wWYIPFannnHg2v9KoR0nLmlpEAt1Ns6b
Static task: static1
Behavioral task: behavioral1
  Sample: a8b349b432322e5f0e8d12ad970b004588bdeed74c7706d472b54bb30d8d0c72.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: a8b349b432322e5f0e8d12ad970b004588bdeed74c7706d472b54bb30d8d0c72.exe
  Resource: win10v2004-20240412-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.satsllc.ae
Port: 587
Username: ahsan@satsllc.ae
Password: Ahsan@12345
Email To: benj50454@gmail.com
Targets
Target: a8b349b432322e5f0e8d12ad970b004588bdeed74c7706d472b54bb30d8d0c72
Size: 704KB
MD5: c20c7cb88c595e0b353ff7e9df982635
SHA1: 6670ecb1421dc88691801d629b470646c9853e23
SHA256: a8b349b432322e5f0e8d12ad970b004588bdeed74c7706d472b54bb30d8d0c72
SHA512: 5e9bf06454d1361581f2f25ffe94f940012dc73bcfc008c1badf4c8a7d9e33839f731c187fa6a9a29f05f26d0822eead08707af6e09e7d9c7d48fdda04be1615
SSDEEP: 12288:wWYIPXjxannnHg2vokpbGPAR0dncI/GVHBuUx1xHaSoJXmYx/hWt1NFu6FsVGaE:wWYIPFannnHg2v9KoR0nLmlpEAt1Ns6b
Score: 10/10
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext