General
-
Target
2d9d35e187c4df915d22b2fabee804442da2b19f3ac5165cb93d8c3babda9d4c
-
Size
598KB
-
Sample
240518-j9danabe36
-
MD5
1d5fe5109710f8ae2b6636d6e5152bb3
-
SHA1
91c758928da066f1fe7f30edba6472d3580df32a
-
SHA256
2d9d35e187c4df915d22b2fabee804442da2b19f3ac5165cb93d8c3babda9d4c
-
SHA512
731b6025b9f363e2217823445421ba4d100ee1e28880e4ad19e0e6d8b72c231ee354b20a88a258d44fdc31ec0ab7932597f0b7d2689b2514bfcab82efed2d1ef
-
SSDEEP
12288:RpM67gcxiqIfjb9PtPzeEVzVLujf8VDYzriZk/oh+CRVUj5KW8h3zTk+Oo:orcgTf/NtPVUUUv//oHUcW8hQo
Static task
static1
Behavioral task
behavioral1
Sample
d23d7720e102defe044a98f19b42fd6e94ef0bd607f01270f4957db595051114.exe
Resource
win7-20240508-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.oxatis.com
Port: 587
Username: [email protected]
Password: Sog1952
Email To: [email protected]
Targets
-
Target
d23d7720e102defe044a98f19b42fd6e94ef0bd607f01270f4957db595051114.exe
-
Size
663KB
-
MD5
d82c117b3945a7f976355b6dc36a5162
-
SHA1
44c2659ae7a7e97fdb2f51b7ee3082b183e59afd
-
SHA256
d23d7720e102defe044a98f19b42fd6e94ef0bd607f01270f4957db595051114
-
SHA512
663d59966422b8fe6ff1104465f0911d67d2274c8820ba643228a0a802065a33e5a5abf82e38829148c6d271f27eb45af1d6a0444c1155fb527500aa1905debd
-
SSDEEP
12288:PoFgYKpHNpEYGkK55kPLB2pMi7WftzxSvNPOT7VNT3PJrdzb4BDwN:4gYKpHjFBK50L0ZE9yNINT3PJRP4w
-
AgentTesla
Agent Tesla is a .NET remote access tool (RAT) and information stealer, originally written in Visual Basic .NET; it harvests credentials and keystrokes and exfiltrates them over channels such as SMTP, as the extracted config above shows.
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes so that the dropped components are not scanned.
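As an added example (not part of this report or of the sample's own code), the following Python scanner runs over PowerShell script-block log text (Windows Event ID 4104, the ScriptBlockText field) and pulls out the Defender exclusions that an Add-MpPreference or Set-MpPreference invocation registers. The log lines below are constructed for the example, not taken from the sandbox run; the cmdlet and parameter names are Microsoft's real ones.

```python
import re

# Constructed sample of ScriptBlockText values (Event ID 4104), not taken from
# the analysed sample: one benign line followed by several exclusion changes of
# the kind the report describes (path, extension and process exclusions,
# quoted and bare arguments, comma-separated lists, paths with spaces).
SAMPLE_SCRIPT_BLOCKS = [
    "Get-ChildItem C:\\Users\\victim\\Documents",
    "Add-MpPreference -ExclusionPath 'C:\\Users\\victim\\AppData\\Roaming\\svc.exe'",
    "Add-MpPreference -ExclusionExtension '.exe','.dll'",
    'Set-MpPreference -ExclusionProcess "powershell.exe"',
    "Add-MpPreference -ExclusionPath C:\\Temp -ExclusionProcess wscript.exe",
    "Add-MpPreference -ExclusionPath 'C:\\Program Files\\Updater', 'C:\\Users\\victim\\AppData\\Local\\Temp'",
]

# Both cmdlets change the exclusion lists: Add- appends, Set- replaces.
CMDLET = re.compile(r"\b(?:Add|Set)-MpPreference\b", re.IGNORECASE)

# One argument: a single- or double-quoted string, or a bare token that does
# not start with '-' (so the next parameter name is never swallowed as a value).
VALUE = r"(?:'[^']*'|\"[^\"]*\"|(?!-)[^\s,'\"]+)"

# -Exclusion<Kind> followed by one value or a comma-separated list of values.
PARAM = re.compile(
    r"-(ExclusionPath|ExclusionExtension|ExclusionProcess)\s+("
    + VALUE + r"(?:\s*,\s*" + VALUE + r")*)",
    re.IGNORECASE,
)
VALUE_RE = re.compile(VALUE)


def _unquote(token: str) -> str:
    """Strip one layer of matching single or double quotes from a token."""
    if len(token) >= 2 and token[0] == token[-1] and token[0] in "'\"":
        return token[1:-1]
    return token


def parse_exclusions(script_block: str) -> dict:
    """Return {"path"|"extension"|"process": [values]} for the Defender
    exclusions set by one script block, or {} if it touches none."""
    if not CMDLET.search(script_block):
        return {}
    found: dict = {}
    for m in PARAM.finditer(script_block):
        kind = m.group(1).lower()[len("exclusion"):]   # path / extension / process
        values = [_unquote(v) for v in VALUE_RE.findall(m.group(2))]
        found.setdefault(kind, []).extend(values)
    return found


def scan_script_blocks(blocks) -> list:
    """Run parse_exclusions over a sequence of script-block texts and return
    one hit per block that modifies exclusions: {"index": i, "exclusions": {...}}."""
    hits = []
    for i, text in enumerate(blocks):
        exclusions = parse_exclusions(text)
        if exclusions:
            hits.append({"index": i, "exclusions": exclusions})
    return hits


if __name__ == "__main__":
    for hit in scan_script_blocks(SAMPLE_SCRIPT_BLOCKS):
        print(f"block {hit['index']}: {hit['exclusions']}")
```

Script Block Logging has to be enabled for 4104 events to exist at all, and Set-MpPreference replaces the whole exclusion list rather than appending, so a hit on either cmdlet is worth an alert even when the values look mundane; the extracted values can be fed straight into a file-path or process-name watch on the endpoint.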
-
Checks computer location settings
Looks up the country code configured in the registry, likely as a geofence check to avoid running in certain regions.
-
Suspicious use of SetThreadContext
Calls SetThreadContext on another thread; rewriting a suspended thread's context to point at injected code is characteristic of process hollowing and similar injection.
-