General
- Target: 7e00aeec4c4b394654b93c80d66b0e6d78e63cbc97f1668b4d7b0db833b4db1a
- Size: 679KB
- Sample: 240518-j83txsbe23
- MD5: 9b4af560c789e4a0e8fcb4b9fd41a682
- SHA1: 5025073eeba5460861fe9c4cdec9345d62d56358
- SHA256: 7e00aeec4c4b394654b93c80d66b0e6d78e63cbc97f1668b4d7b0db833b4db1a
- SHA512: afa300adb7b4f6a16160b21d568779c08f1bfd0fccf01411f13b4923056586554ce4e804bf4b57fea4140d09eb0f64739e959718bc5c5e6a318d006fc58dfe2a
- SSDEEP: 12288:ik/r5d67irL179NW6Ge+De4u/Yh8lUul1xOjGtsYt8Sds0uvS0iC:iktdekZ7PGeIu/IaEGtQSy0kf
Static task: static1
Behavioral task: behavioral1
- Sample: 2940a8fe07543e73573471f46229165e5aa84bf7b42ac60004ab22c916aaff8f.exe
- Resource: win7-20240221-en
Malware Config
Extracted
agenttesla
- Protocol: smtp
- Host: smtp.yandex.com
- Port: 587
- Username: [email protected]
- Password: ddisibjmyxncuflp
- Email To: [email protected]
Extracted
- Protocol: smtp
- Host: smtp.yandex.com
- Port: 587
- Username: [email protected]
- Password: ddisibjmyxncuflp
Targets
- Target: 2940a8fe07543e73573471f46229165e5aa84bf7b42ac60004ab22c916aaff8f.exe
- Size: 722KB
- MD5: eec92f9eaf00561a5b910272f3d9e1d2
- SHA1: dd7d1313abef47b1a03204ed117788c24541b911
- SHA256: 2940a8fe07543e73573471f46229165e5aa84bf7b42ac60004ab22c916aaff8f
- SHA512: 0a17e4ed10b7ea9ed073d5fdc3e9790057567e2c120d58b612b3f0d0dc17cf93181bca71fd7bba2254f92650f30e40c9030ec46aceb36fcf1403ad73178f1973
- SSDEEP: 12288:jV0pei36ROF/ht9gSRJXnbclb7tQrNTq5w0ftSgrwlL/2:japp36m39rzclQpbgrwl7
- AgentTesla
  Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, commonly described as written in Visual Basic .NET. It harvests keystrokes, clipboard contents and credentials saved by browsers and mail clients and exfiltrates them over SMTP, FTP or HTTP; the extracted config above shows this sample using SMTP submission (port 587) to smtp.yandex.com with hard-coded mailbox credentials.
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths and processes (the Add-MpPreference / Set-MpPreference cmdlets) so that the dropped payload and its working directory are no longer scanned. On a host with a sane baseline, any exclusion added from a PowerShell child of a user-launched executable is worth alerting on.
- Checks computer location settings
  Looks up the country code configured in the registry (Control Panel\International\Geo\Nation under HKCU), likely a geofence check so the sample can refuse to run in certain regions.
- Uses the VBS compiler for execution
  Runs the .NET Visual Basic compiler, vbc.exe, a signed Microsoft binary that ships with the framework. On its own that is benign, but AgentTesla loaders commonly use it as the host process into which the final payload is injected.
- Suspicious use of SetThreadContext
  Setting another thread's context is the step in process hollowing where a child started suspended is pointed at the injected payload before ResumeThread. Together with the vbc.exe launch above, this is consistent with the payload being hollowed into vbc.exe rather than running as the dropped executable itself.
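The behaviours listed above are what the sandbox's signature engine matches on. The following is an added example, not code from the report or from the sandbox vendor, that re-implements those three checks in Python and runs them over a constructed event trace: an Add-/Set-MpPreference exclusion (also when hidden inside -EncodedCommand), a RegQueryValue of Control Panel\International\Geo\Nation, and SetThreadContext aimed at a child the caller started suspended. The event shape (a simplified Sysmon-plus-API-trace record), the pids, paths and the invoice.exe name are assumptions for illustration only.

```python
"""Toy re-implementation of the sandbox signatures listed above, run over constructed events.

The event records use an assumed, simplified shape (roughly Sysmon process creation plus a
sandbox API trace); they are constructed for this example and are not taken from the report.
"""
import base64
import re

# PowerShell accepts several prefixes of -EncodedCommand; the payload is base64 of UTF-16LE text.
ENCODED_ARG = re.compile(r"-(?:encodedcommand|enc|ec|e)\s+([A-Za-z0-9+/=]+)", re.I)
MP_CMDLET = re.compile(r"\b(?:Add|Set)-MpPreference\b", re.I)
MP_EXCLUSION = re.compile(r"-Exclusion(Path|Extension|Process)\b", re.I)
GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo$", re.I)
CONTEXT_APIS = {"SetThreadContext", "NtSetContextThread"}


def encode_powershell_command(script: str) -> str:
    """Encode a script the way powershell -EncodedCommand expects it (base64 over UTF-16LE)."""
    return base64.b64encode(script.encode("utf-16le")).decode("ascii")


def decode_encoded_command(cmdline: str) -> str:
    """Return the decoded -EncodedCommand payload, or '' when absent or not valid base64/UTF-16LE."""
    m = ENCODED_ARG.search(cmdline)
    if not m:
        return ""
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return ""


def detect_defender_exclusion(cmdline: str) -> list:
    """Signature 'Command and Scripting Interpreter: PowerShell': which Defender exclusion kinds
    (Extension/Path/Process) an Add-/Set-MpPreference call adds. Looks inside -EncodedCommand too."""
    text = cmdline + "\n" + decode_encoded_command(cmdline)
    if not MP_CMDLET.search(text):
        return []
    return sorted({kind.capitalize() for kind in MP_EXCLUSION.findall(text)})


def detect_geofence_lookup(event: dict) -> bool:
    """Signature 'Checks computer location settings': a read of HKCU\\Control Panel\\International\\Geo\\Nation."""
    return (event.get("type") == "registry"
            and str(event.get("api", "")).startswith("RegQueryValue")
            and GEO_KEY.search(event.get("key", "")) is not None
            and str(event.get("value", "")).lower() == "nation")


def detect_hollowing(events: list) -> list:
    """Signature 'Suspicious use of SetThreadContext': the caller sets the thread context of a child it
    started suspended, the classic process-hollowing sequence. Returns the hollowed host image names."""
    procs = {e["pid"]: e for e in events if e.get("type") == "process"}
    hits = []
    for e in events:
        if e.get("type") == "api" and e.get("api") in CONTEXT_APIS:
            target = procs.get(e.get("target_pid"))
            if target and target.get("ppid") == e.get("pid") and target.get("suspended"):
                hits.append(target["image"].rsplit("\\", 1)[-1])
    return hits


def run_signatures(events: list) -> dict:
    """Apply the three checks to an event list and return the matched signatures."""
    report, exclusions = {}, set()
    for e in events:
        if e.get("type") == "process":
            exclusions.update(detect_defender_exclusion(e.get("cmdline", "")))
        elif detect_geofence_lookup(e):
            report["checks_computer_location_settings"] = True
    if exclusions:
        report["defender_exclusions_added"] = sorted(exclusions)
    hosts = detect_hollowing(events)
    if hosts:
        report["set_thread_context_on_suspended_child"] = hosts
    return report


# Constructed sample trace (assumed shape, hypothetical pids and paths); the dropper is called invoice.exe here.
SAMPLE_EVENTS = [
    {"type": "process", "pid": 1234, "ppid": 800,
     "image": r"C:\Users\victim\Desktop\invoice.exe", "cmdline": r'"C:\Users\victim\Desktop\invoice.exe"'},
    {"type": "process", "pid": 1300, "ppid": 1234,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r'powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath C:\Users\victim\AppData\Roaming -ExclusionExtension exe -ExclusionProcess invoice.exe"'},
    {"type": "process", "pid": 1310, "ppid": 1234,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell -NoP -enc " + encode_powershell_command(r"Set-MpPreference -ExclusionPath C:\Temp")},
    {"type": "registry", "pid": 1234, "api": "RegQueryValueExW",
     "key": r"HKEY_CURRENT_USER\Control Panel\International\Geo", "value": "Nation"},
    {"type": "process", "pid": 1400, "ppid": 1234, "suspended": True,
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe", "cmdline": "vbc.exe"},
    {"type": "api", "pid": 1234, "api": "SetThreadContext", "target_pid": 1400},
    {"type": "api", "pid": 1234, "api": "ResumeThread", "target_pid": 1400},
]

if __name__ == "__main__":
    print(run_signatures(SAMPLE_EVENTS))
```

The hollowing check deliberately requires all three conditions (context set by the parent, on a child it created, that was started suspended) rather than flagging any SetThreadContext call, because debuggers and some legitimate runtimes also set thread contexts; the encoded-command decoding matters because the exclusion cmdlet is frequently hidden behind -enc and would otherwise never appear in a command-line match.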