General
-
Target
grace.exe
-
Size
699KB
-
Sample
240515-l43pgacd3s
-
MD5
6cb57b7bbac238426bb2f888fbfc3ed7
-
SHA1
f1440efc5419037d9d353cd39af3fefa736fb541
-
SHA256
6ab2de6935249b3eda017e140655d900bd3e8eed7a96a2bbf09707a6c4e8787a
-
SHA512
b03ac8f6b54bcd24bccc53d111a6ee9e56b0eea0845bfc8304430b510b2e980fc25baf2b39d65ca6c35058ea06b197dd8f9b01beafe6b21d41e354e0ca5b14ae
-
SSDEEP
12288:ZKECAXYMjhvPie/rByY7777777777777rZkG5dFTh0e6huoo9rKNJrh5dBmmf6gs:ZtCAXYMFniyymkadFTh5quoo9rKThhdN
Static task
static1
Behavioral task
behavioral1
Sample
grace.exe
Resource
win7-20240221-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.magna.com.pk - Port:
587 - Username:
[email protected] - Password:
Ahp6wqxfZb)D - Email To:
[email protected]
Targets
-
-
Target
grace.exe
-
Size
699KB
-
MD5
6cb57b7bbac238426bb2f888fbfc3ed7
-
SHA1
f1440efc5419037d9d353cd39af3fefa736fb541
-
SHA256
6ab2de6935249b3eda017e140655d900bd3e8eed7a96a2bbf09707a6c4e8787a
-
SHA512
b03ac8f6b54bcd24bccc53d111a6ee9e56b0eea0845bfc8304430b510b2e980fc25baf2b39d65ca6c35058ea06b197dd8f9b01beafe6b21d41e354e0ca5b14ae
-
SSDEEP
12288:ZKECAXYMjhvPie/rByY7777777777777rZkG5dFTh0e6huoo9rKNJrh5dBmmf6gs:ZtCAXYMFniyymkadFTh5quoo9rKThhdN
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-