General
Target: e47dcaffc1833ba2822ffd9bfd575f555606623b9e167c4014d92984d588736a
Size: 725KB
Sample: 240518-j82a4abe2x
MD5: 66ad27df4cdcf9792a753afbcf618059
SHA1: 659b1ca0d81651a472fa56674d65857b810198ea
SHA256: e47dcaffc1833ba2822ffd9bfd575f555606623b9e167c4014d92984d588736a
SHA512: 5f97ae487266c0fb347ba86c7a4aea73c0bea0ccf52b855bf4c81b624c0df8ffc2a6fcabcaa0779f22e8af7e3e69a170ce681c3dd1419aab9d1efdc0f9d1b2db
SSDEEP: 12288:y7bAxGP4GytlQ2DSATt/6mliPvlGeWb1d6N5ENfZ9AvRKCENsQjn00vuevm:y3ZqlQ2DSfm+9GeWbX6N5WWZKCE+aJO
Static task: static1
Behavioral task: behavioral1
Sample: 737d6ccf608a12eee75a0451b10b982db7406a3930b07039103e64802b3e9bbd.exe
Resource: win7-20240508-en
Malware Config
Extracted (agenttesla)
Protocol: smtp - Host: smtp.yandex.com - Port: 587 - Username: [email protected] - Password: ifeanyi@12 - Email To: [email protected]
Extracted
Protocol: smtp - Host: smtp.yandex.com - Port: 587 - Username: [email protected] - Password: ifeanyi@12
Targets
Target: 737d6ccf608a12eee75a0451b10b982db7406a3930b07039103e64802b3e9bbd.exe
Size: 852KB
MD5: f658555b9922ffdbadcf27a7cf6a6338
SHA1: b3f0ee363e1f8e2336d20d5eb127e0fb4a8fecad
SHA256: 737d6ccf608a12eee75a0451b10b982db7406a3930b07039103e64802b3e9bbd
SHA512: 340c779d871441d87360d461ce7d6290deabdc2efd11440d160e85d07bf37b64f845b6ae1c0ccc64b834c53acacc20dbae6dc0cc3e1c7ae1aaa242e42971847a
SSDEEP: 24576:zmeb4lTN8+WgtV3+vlpu2ostSDuFMd/GlPb:zv4lq6lss23tSTd/GlP
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP address.
Suspicious use of SetThreadContext