General
- Target: c73fabf4588d66f7394e905664c556cb7afd12bd9e05481576c3a97db33c2afa
- Size: 696KB
- Sample: 240430-bzgakage42
- MD5: 7ad71dff280a152a659a3e6533f782ad
- SHA1: 8a31b1faefa6ba58b3f244455f2eefc9b90cfc59
- SHA256: c73fabf4588d66f7394e905664c556cb7afd12bd9e05481576c3a97db33c2afa
- SHA512: 8311c1013ae0e516d1ca4ea8af2103f68dfebcc649b2170f3008c5575dc46e702b070182a34a58fd40a6747a2352a3a60d1fa06f8aee8468ee7cd148ad77896f
- SSDEEP: 12288:j+DbgnB778QeV4PEa67uYDjXwp4h77B4N8K8q1hrWDQM+/ED:qgnB25DDzF77BK1haDtf
Static task: static1
Behavioral task: behavioral1
- Sample: c73fabf4588d66f7394e905664c556cb7afd12bd9e05481576c3a97db33c2afa.exe
- Resource: win7-20240220-en
Behavioral task: behavioral2
- Sample: c73fabf4588d66f7394e905664c556cb7afd12bd9e05481576c3a97db33c2afa.exe
- Resource: win10v2004-20240419-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.hliaka.gr
- Port: 587
- Username: [email protected]
- Password: !@#hliaka@hliaka!@#
- Email To: [email protected]
Targets
- Target: c73fabf4588d66f7394e905664c556cb7afd12bd9e05481576c3a97db33c2afa
Score: 10/10
AgentTesla
Agent Tesla is a .NET remote access tool (RAT) and credential stealer. This sample reports to its operator over SMTP (port 587) using the mailbox credentials in the extracted config above, so the Host, Username and Email To values are the network indicators to block and hunt for.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check before the payload runs.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP, which is typically included in the exfiltrated report.
- Suspicious use of SetThreadContext: calling SetThreadContext on a thread of another process redirects its execution to injected code; together with a CREATE_SUSPENDED child, WriteProcessMemory and ResumeThread this is the classic process-hollowing sequence used to run the unpacked payload inside a legitimate process.
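The three behaviours flagged above, plus the SMTP exfiltration from the extracted config, can be expressed as detection rules over an API trace. The following is an added example written for this page, not Triage's own signature code: the trace format (one call per line, `pid|api|arg...`) and the log lines themselves are constructed for illustration, the child executable path is a placeholder, and the IP-lookup host list is an assumption about services such stealers commonly use. It shows the geofence registry read, the external-IP lookup, the full hollowing sequence (rather than a bare SetThreadContext hit) and the connection to the extracted C2.

```python
"""Behaviour rules run over a constructed API trace (added example, not
part of the sandbox report).  Trace format is made up: pid|api|arg1|arg2...
"""
import re
from collections import defaultdict
from urllib.parse import urlparse

# Assumption: services commonly abused for "what is my IP" lookups.
IP_LOOKUP_HOSTS = {"checkip.dyndns.org", "api.ipify.org", "icanhazip.com", "ip-api.com"}

# HKCU\Control Panel\International\Geo\Nation holds the user's GeoID (country).
GEO_KEY_RE = re.compile(r"Control Panel\\International\\Geo\\Nation$", re.IGNORECASE)

# C2 taken from the report's extracted config.
EXFIL_HOST, EXFIL_PORT = "mail.hliaka.gr", "587"

# Hollowing steps that must follow a CREATE_SUSPENDED child, in this order.
HOLLOW_STEPS = {"WriteProcessMemory": 0, "SetThreadContext": 1, "ResumeThread": 2}

# Constructed trace: pid 1234 is the sample, pid 5678 the hollowed child.
TRACE = r"""
1234|RegQueryValueEx|HKCU\Control Panel\International\Geo\Nation
1234|InternetOpenUrl|http://checkip.dyndns.org/
1234|CreateProcess|C:\placeholder\child.exe|CREATE_SUSPENDED|5678
1234|WriteProcessMemory|5678
1234|SetThreadContext|5678
1234|ResumeThread|5678
5678|connect|mail.hliaka.gr|587
"""


def parse(trace):
    """Turn the pipe-separated trace into (pid, api, args) tuples."""
    events = []
    for line in trace.splitlines():
        if not line.strip():
            continue
        pid, api, *args = line.split("|")
        events.append((int(pid), api, args))
    return events


def detect(events):
    """Return (rule, pid, evidence) hits in trace order."""
    hits = []
    suspended = {}              # child pid -> parent pid that created it suspended
    progress = defaultdict(int)  # child pid -> next expected HOLLOW_STEPS index
    for pid, api, args in events:
        # Geofence: read of the user's country code from the registry.
        if api in ("RegOpenKeyEx", "RegQueryValueEx") and args and GEO_KEY_RE.search(args[0]):
            hits.append(("checks_computer_location_settings", pid, args[0]))

        # Network calls: external-IP lookup and exfil to the extracted C2.
        if api in ("InternetOpenUrl", "WinHttpConnect", "connect") and args:
            host = urlparse(args[0]).hostname or args[0]
            if host in IP_LOOKUP_HOSTS:
                hits.append(("looks_up_external_ip_via_web_service", pid, host))
            if host == EXFIL_HOST and len(args) > 1 and args[1] == EXFIL_PORT:
                hits.append(("smtp_exfil_to_extracted_c2", pid, f"{host}:{args[1]}"))

        # Process hollowing: suspended child, then write/context/resume in order.
        if api == "CreateProcess" and "CREATE_SUSPENDED" in args and args[-1].isdigit():
            suspended[int(args[-1])] = pid
        elif api in HOLLOW_STEPS and args and args[0].isdigit():
            child = int(args[0])
            if child in suspended and HOLLOW_STEPS[api] == progress[child]:
                progress[child] += 1
                if progress[child] == len(HOLLOW_STEPS):
                    hits.append(("suspicious_use_of_setthreadcontext", pid, f"hollowed pid {child}"))
    return hits


if __name__ == "__main__":
    for rule, pid, evidence in detect(parse(TRACE)):
        print(f"{rule:40} pid={pid} {evidence}")
```

The hollowing rule deliberately requires the calls in order on a child that was created suspended; a ResumeThread seen before SetThreadContext does not fire it, which keeps the rule from matching ordinary debuggers that also touch thread contexts.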