General
Target: 6xjcX3sV8GkRVzB.pif.exe (double extension: with Explorer's default "hide extensions for known file types", the name displays as a .pif file, which is itself an executable type)
Size: 755KB
Sample: 240515-mbx4ysch58
MD5: e01b587a6e16f588ee386a9c89b6990e
SHA1: 74693edd1cd19c7fc98a3b4e1b45af0a4ca31b19
SHA256: 655bf2b084f93181d47b1ffb31e944da4cd4779a2ce1a17f37286b17684677f6
SHA512: af8a0fddf17698a2a51d1052227470430f550ffe236d401b37296703306b0612831ce9219bc80c600919b3ac09ac055ee0025506f38af828478b9bf8d4a06902
SSDEEP: 12288:ohl2iNT/SHY295mtGOQrntiCA79wCav/S4zl+bBUJ9xmIX0T9T3FIf+H5vVDDZRI:oz1cHY2oNQrRx+bBAiT32f+Wg
Static task: static1
Behavioral task: behavioral1
Sample: 6xjcX3sV8GkRVzB.pif.exe
Resource: win7-20240508-en
Malware Config
Extracted (agenttesla)
Protocol: smtp
Host: mail.nzobaku.com
Port: 587
Username: [email protected]
Password: mKUrJYPDk3rTk
Email To: [email protected]
Extracted
Protocol: smtp
Host: mail.nzobaku.com
Port: 587
Username: [email protected]
Password: mKUrJYPDk3rTk
Port 587 is the SMTP submission port, so stolen data leaves the infected host as authenticated outbound mail to mail.nzobaku.com. Workstation connections to that host on 587 are the network indicator; the Username and Email To addresses are the attacker's collection mailbox, not a victim's.
Targets
Target: 6xjcX3sV8GkRVzB.pif.exe
Size: 755KB
MD5: e01b587a6e16f588ee386a9c89b6990e
SHA1: 74693edd1cd19c7fc98a3b4e1b45af0a4ca31b19
SHA256: 655bf2b084f93181d47b1ffb31e944da4cd4779a2ce1a17f37286b17684677f6
SHA512: af8a0fddf17698a2a51d1052227470430f550ffe236d401b37296703306b0612831ce9219bc80c600919b3ac09ac055ee0025506f38af828478b9bf8d4a06902
SSDEEP: 12288:ohl2iNT/SHY295mtGOQrntiCA79wCav/S4zl+bBUJ9xmIX0T9T3FIf+H5vVDDZRI:oz1cHY2oNQrRx+bBAiT32f+Wg
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer that exfiltrates captured credentials and keystrokes over SMTP, FTP or HTTP; this sample's extracted configuration uses SMTP.
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes so the dropped payload is not scanned.
Checks computer location settings
Looks up the country code configured in the registry, most likely as a geofence check.
Suspicious use of SetThreadContext
SetThreadContext on a thread of another process is the classic way to redirect a suspended child process to injected code (process hollowing / RunPE).
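The following is an added example, not part of the sandbox report or of any vendor's tooling. It turns three items on this page into checks over a sandbox-style API trace: the PowerShell Defender-exclusion tampering from the signature list (including the case where the cmdlet is hidden behind -EncodedCommand), the registry country-code lookup behind "Checks computer location settings", and a connection to the SMTP exfiltration endpoint from the extracted config. The event field names (pid, api, cmdline, key, value, host, port) and the SAMPLE_EVENTS trace are constructed for this example, and the HKCU\Control Panel\International\Geo\Nation value is assumed to be the country-code source the signature refers to.

```python
"""Added example (not part of the sandbox report or of any vendor's tooling).

Three checks over a constructed sandbox-style event trace:
  1. PowerShell adding Windows Defender exclusions, also when the script is
     passed as -EncodedCommand (base64 of UTF-16LE).
  2. A registry read of HKCU\\Control Panel\\International\\Geo\\Nation, the
     configured country (GeoID) that geofencing malware checks (assumption:
     this is the value behind the "Checks computer location settings" hit).
  3. A connect() to the SMTP host/port from the extracted AgentTesla config.
Event field names and SAMPLE_EVENTS are constructed for this example.
"""
import base64
import re
from typing import List, Optional, Tuple

# Add-/Set-MpPreference followed (in the same statement) by any exclusion parameter.
EXCLUSION_CMDLET = re.compile(
    r"\b(?:Add|Set)-MpPreference\b[^|;]*?-Exclusion(?:Path|Extension|Process|IpAddress)\b",
    re.IGNORECASE,
)
# powershell -e / -ec / -en / -enc / -EncodedCommand <base64>
ENCODED_ARG = re.compile(r"-(?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)
# Registry key (case-insensitive suffix) holding the configured country.
GEO_KEY_SUFFIX = r"control panel\international\geo"
# Host and port from the extracted SMTP config on this page.
EXFIL_ENDPOINT = ("mail.nzobaku.com", 587)


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Return the plaintext of an -EncodedCommand payload, or None if absent/invalid."""
    m = ENCODED_ARG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def defender_exclusion_tamper(cmdline: str) -> Optional[str]:
    """Return the matching cmdlet text if the command line, or its decoded
    -EncodedCommand payload, adds a Defender exclusion; otherwise None."""
    candidates = [cmdline]
    decoded = decode_encoded_command(cmdline)
    if decoded:
        candidates.append(decoded)
    for text in candidates:
        m = EXCLUSION_CMDLET.search(text)
        if m:
            return m.group(0)
    return None


def geo_lookup(key: str, value: str) -> bool:
    """True for a read of ...\\Control Panel\\International\\Geo\\Nation (or \\Name)."""
    return key.lower().endswith(GEO_KEY_SUFFIX) and value.lower() in ("nation", "name")


def triage(events: List[dict]) -> List[Tuple[int, str, str]]:
    """Scan a trace and return (pid, finding, detail) tuples in trace order."""
    findings = []
    for ev in events:
        api = ev["api"]
        if api in ("CreateProcessW", "ShellExecuteExW"):
            hit = defender_exclusion_tamper(ev.get("cmdline", ""))
            if hit:
                findings.append((ev["pid"], "defender_exclusion", hit))
        elif api.startswith("RegQueryValueEx"):
            if geo_lookup(ev["key"], ev["value"]):
                findings.append((ev["pid"], "geo_lookup", ev["key"] + "\\" + ev["value"]))
        elif api in ("connect", "WSAConnect"):
            if (ev.get("host"), ev.get("port")) == EXFIL_ENDPOINT:
                findings.append((ev["pid"], "smtp_exfil_endpoint", f"{ev['host']}:{ev['port']}"))
    return findings


# Constructed trace: what this sample's reported behaviour would look like in an API log.
_ENCODED = base64.b64encode(
    "Add-MpPreference -ExclusionProcess 6xjcX3sV8GkRVzB.pif.exe".encode("utf-16-le")
).decode()
SAMPLE_EVENTS = [
    {"pid": 2216, "api": "RegQueryValueExW",
     "key": r"HKCU\Control Panel\International\Geo", "value": "Nation"},
    {"pid": 2216, "api": "RegQueryValueExW",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "value": "OneDrive"},
    {"pid": 2216, "api": "CreateProcessW",
     "cmdline": r'powershell.exe -NoProfile -Command "Add-MpPreference -ExclusionPath '
                r'C:\Users\admin\AppData\Roaming -ExclusionExtension .exe"'},
    {"pid": 2216, "api": "CreateProcessW",
     "cmdline": f"powershell.exe -WindowStyle Hidden -enc {_ENCODED}"},
    {"pid": 3040, "api": "CreateProcessW",  # read-only query: must not fire
     "cmdline": 'powershell.exe -Command "Get-MpPreference | Select ExclusionPath"'},
    {"pid": 2216, "api": "connect", "host": "mail.nzobaku.com", "port": 587},
]

if __name__ == "__main__":
    for pid, finding, detail in triage(SAMPLE_EVENTS):
        print(f"pid {pid}: {finding} -> {detail}")
```

Run against the constructed trace, it reports the Geo\Nation read, both exclusion commands (the plain one and the base64-encoded one), and the connect to mail.nzobaku.com:587, while ignoring the benign Get-MpPreference query and the unrelated Run-key read. The exclusion regex deliberately stops at `|` and `;` so a later, unrelated parameter in the same script does not produce a false hit.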