General
-
Target
b0ae2b7437d3c579334053db2da6e1a3b4e0435fcdcc77bc11bcf58c6289a859.exe
-
Size
706KB
-
Sample
240518-le1htade31
-
MD5
d9307c948c324d081e572845ffb7cabc
-
SHA1
1669ced0e46deaaffb404725fa3162c540d6f086
-
SHA256
b0ae2b7437d3c579334053db2da6e1a3b4e0435fcdcc77bc11bcf58c6289a859
-
SHA512
15da0817042a81737a10c7ffe930b2b699aa4d21c46d2e594024ef34c4f2473cf1d455eb40c31dabc8b02bea1f5555a3593c81aff485639cffa5ed2d6653db47
-
SSDEEP
12288:xM2iN3skSKSIwFl9e4FgHFyemxZipNU9jhDDLaZlwRyUqg8M1G3KUr/p:xM19JSNIe9e8g/sZiM9jx8iyHg8gGnrh
Static task
static1
Behavioral task
behavioral1
Sample
b0ae2b7437d3c579334053db2da6e1a3b4e0435fcdcc77bc11bcf58c6289a859.exe
Resource
win7-20240221-en
Malware Config
Extracted
agenttesla
Protocol: ftp
Host: ftp://ftp.jeepcommerce.rs
Port: 21
Username: [email protected]
Password: Cgn+Udqt0F%y
Extracted
Protocol: ftp
Host: ftp.jeepcommerce.rs
Port: 21
Username: [email protected]
Password: Cgn+Udqt0F%y
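The two extracted records above describe the same FTP exfiltration endpoint, once with an ftp:// scheme and once as a bare hostname. The following is an added example, not part of the sandbox report: Python that normalizes and deduplicates the extracted config into (host, port) indicators and matches them against a constructed, simplified Zeek ftp.log-style sample (the log lines, column layout and usernames are assumptions for illustration only).

```python
"""Turn the extracted Agent Tesla FTP exfil config into hunting logic (added example)."""
from urllib.parse import urlparse

# The two "Extracted" records from the report, copied as shown (one host carries
# an ftp:// scheme, the other does not). The username is as the page shows it.
EXTRACTED = [
    {"protocol": "ftp", "host": "ftp://ftp.jeepcommerce.rs", "port": 21,
     "username": "[email protected]"},
    {"protocol": "ftp", "host": "ftp.jeepcommerce.rs", "port": 21,
     "username": "[email protected]"},
]


def normalize_host(host):
    """Strip an optional scheme/path so both records yield the same lowercase hostname."""
    if "://" not in host:
        host = "//" + host          # let urlparse treat a bare name as the netloc
    return urlparse(host).hostname.lower()


def build_iocs(records):
    """Deduplicate the extracted configs into a set of (hostname, port) exfil endpoints."""
    return {(normalize_host(r["host"]), int(r["port"])) for r in records}


# CONSTRUCTED sample, not real traffic. Simplified tab-separated columns:
# ts, src_ip, src_port, dst_host, dst_port, user, ftp_command
SAMPLE_LOG = (
    "1716000001.1\t10.0.0.5\t49152\tftp.jeepcommerce.rs\t21\tuser\tSTOR\n"
    "1716000002.2\t10.0.0.7\t49153\tftp.example.org\t21\tanonymous\tRETR\n"
    "1716000003.3\t10.0.0.5\t49154\tFTP.JEEPCOMMERCE.RS\t21\tuser\tSTOR\n"
)


def hunt(log_text, iocs):
    """Return every log line whose (dst_host, dst_port) is a known exfil endpoint.

    STOR is the FTP upload command, i.e. the direction Agent Tesla uses to
    push stolen data; RETR would be a download and is reported but not special-cased.
    """
    hits = []
    for line in log_text.splitlines():
        ts, src, sport, dst, dport, user, cmd = line.split("\t")
        if (dst.lower(), int(dport)) in iocs:
            hits.append({"ts": ts, "src": src, "dst": dst.lower(),
                         "user": user, "cmd": cmd, "upload": cmd == "STOR"})
    return hits


if __name__ == "__main__":
    iocs = build_iocs(EXTRACTED)
    for h in hunt(SAMPLE_LOG, iocs):
        print(h)
```

Hostname matching is done case-insensitively because DNS names are; in a real Zeek ftp.log the destination is an IP, so the same set would be keyed on the resolved address (or the query name from dns.log) instead.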
Targets
-
Target
b0ae2b7437d3c579334053db2da6e1a3b4e0435fcdcc77bc11bcf58c6289a859.exe (same file and hashes as listed under General)
-
AgentTesla
Agent Tesla is a .NET-based information stealer and remote access trojan (RAT), originally written in Visual Basic .NET; it harvests credentials and keystrokes and exfiltrates them over SMTP, FTP or HTTP (here FTP, per the extracted config).
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to add Windows Defender exclusions for file extensions, paths, and processes (Add-MpPreference/Set-MpPreference with -Exclusion* parameters).
-
Checks computer location settings
Reads the country code configured in the registry (the Geo\Nation value under HKCU\Control Panel\International), most likely a geofencing check to avoid running in certain countries.
-
Looks up external IP address via web service
Uses a legitimate public IP-lookup web service to discover the infected system's external IP address; the request to that service is itself a usable network indicator.
-
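The following is an added example, not part of the sandbox report: Python detection logic for two of the behaviours listed above (the PowerShell Defender-exclusion tampering and the external IP lookup), run over constructed Windows event records in the shape of PowerShell ScriptBlock logging (4104), Sysmon process creation (Event 1) and Sysmon DNS query (Event 22). All event contents, paths and the list of IP-lookup domains are assumptions for illustration. The registry geofence check is a read of the Geo\Nation value, and Sysmon does not log registry reads, so that behaviour is observable in sandbox API traces or EDR telemetry rather than in this kind of event stream.

```python
"""Detection for Defender-exclusion tampering and external IP lookups (added example)."""
import re

# Add-/Set-MpPreference followed by any -Exclusion* parameter. PowerShell accepts
# abbreviated parameter names, so match the prefix rather than the full names.
EXCLUSION_CMD_RE = re.compile(r"(?i)\b(?:Add|Set)-MpPreference\b[^\r\n]*?-Exclusion\w*")

# Pull out which exclusions were set so a responder knows what to revert
# (Remove-MpPreference takes the same parameter names).
EXCLUSION_ARG_RE = re.compile(
    r"""(?i)-(ExclusionPath|ExclusionExtension|ExclusionProcess)\s+('[^']*'|"[^"]*"|\S+)"""
)
CANON = {"exclusionpath": "ExclusionPath",
         "exclusionextension": "ExclusionExtension",
         "exclusionprocess": "ExclusionProcess"}

# Illustrative list of public IP-lookup services (assumption, not taken from the report).
IP_LOOKUP_DOMAINS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com",
                     "ip-api.com", "ipinfo.io"}


def extract_exclusions(text):
    """Map canonical parameter name -> list of excluded values, quotes and commas handled."""
    found = {}
    for name, raw in EXCLUSION_ARG_RE.findall(text):
        key = CANON[name.lower()]
        values = [v.strip().strip("'\"") for v in raw.strip("'\"").split(",")]
        found.setdefault(key, []).extend(v for v in values if v)
    return found


# CONSTRUCTED events, not telemetry from the sample.
SAMPLE_EVENTS = [
    {"id": 4104, "ScriptBlockText": "Add-MpPreference -ExclusionPath 'C:\\Users\\Public' "
                                    "-ExclusionExtension 'exe,dll' -ExclusionProcess 'update.exe'"},
    {"id": 4104, "ScriptBlockText": "Get-MpPreference | Select-Object ExclusionPath"},  # benign read
    {"id": 22, "Image": "C:\\Users\\Public\\update.exe", "QueryName": "api.ipify.org"},
    {"id": 22, "Image": "C:\\Windows\\explorer.exe", "QueryName": "www.microsoft.com"},
    {"id": 1, "CommandLine": "powershell -w hidden -c \"Set-MpPreference -exclusionpath C:\\ProgramData\""},
]


def classify(events):
    """Return one finding per matching event: rule name plus the evidence a responder needs."""
    findings = []
    for i, ev in enumerate(events):
        text = ev.get("ScriptBlockText") or ev.get("CommandLine") or ""
        if EXCLUSION_CMD_RE.search(text):
            findings.append({"index": i, "rule": "defender_exclusion",
                             "exclusions": extract_exclusions(text)})
        if ev.get("id") == 22:
            q = ev.get("QueryName", "").lower().rstrip(".")
            if q in IP_LOOKUP_DOMAINS:
                findings.append({"index": i, "rule": "external_ip_lookup",
                                 "domain": q, "image": ev.get("Image")})
    return findings


if __name__ == "__main__":
    for f in classify(SAMPLE_EVENTS):
        print(f)
```

The exclusion rule deliberately ignores Get-MpPreference, which only reads the configuration; pairing an exclusion finding with a subsequent DNS query from a process living inside the newly excluded path (as in the constructed events) is the kind of correlation that separates this sample's behaviour from an administrator's one-off change.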