General
Target: 20f88e6dcb6abbaff7cb9b797373e47a88b658ebc260583f1d11a6e8a7f123a8
Size: 719KB
Sample: 240519-bgzdesab61
MD5: 3766727a0843ef04d744ca22deb22fae
SHA1: eb3f9158cc30ee9f14e9fc1a99a9d7472bda4911
SHA256: 20f88e6dcb6abbaff7cb9b797373e47a88b658ebc260583f1d11a6e8a7f123a8
SHA512: 5894892d0c6f9eff9a34a3c74b8724cd34a1d57b10200ead877a92f9aa12b88566beb3bbf2d339c24b3f9f89a7bf6017fcec7bbe985b9f7d84d962f0f4497a79
SSDEEP: 12288:ipTeH81jJUpXClK7e73X5FhqsySWg59HdjSjFAYCzc/wyqcvqFqjUkR:x8M9aKq71qsyqH5S+c//qcvnjT
Static task: static1
Behavioral task: behavioral1
Sample: 20f88e6dcb6abbaff7cb9b797373e47a88b658ebc260583f1d11a6e8a7f123a8.exe
Resource: win7-20240215-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: @Veronica24
Email To: [email protected]

Extracted
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: @Veronica24
Targets
Target: 20f88e6dcb6abbaff7cb9b797373e47a88b658ebc260583f1d11a6e8a7f123a8
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Command and Scripting Interpreter: PowerShell: Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Checks computer location settings: Looks up the country code configured in the registry, likely for geofencing.
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP address.
- Suspicious use of SetThreadContext