General
- Target: f3f16394e19924cab07947150440a98afe830eed093d28a5c1864749f334c7df
- Size: 1.3MB
- Sample: 240521-b3dzlsea77
- MD5: 299e7498a9dea3b12e0c70872b69368b
- SHA1: e6161b31c7672d7f66d052b48b1ab026481329e2
- SHA256: f3f16394e19924cab07947150440a98afe830eed093d28a5c1864749f334c7df
- SHA512: f9a3f7d0270c3b1a14f5bb27256ab070068b5942a7154d0ee2bc2b91f38ba60e9e2d67a0cd691a29bbdadc57d4486004f60037be57e005dd2067698a451b929c
- SSDEEP: 24576:MWtb3BECGZup4YNqyDU/ak0VC+Gx9l/UKz:nZBEC+hYcl0VC+GHl/Tz
Static task: static1
Behavioral task: behavioral1
Sample: OSW10953T8I3N.exe
Resource: win7-20240508-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: cozuns.com
- Port: 587
- Username: [email protected]
- Password: Ku;_MUOVC3;E
- Email To: [email protected]
Extracted
- Protocol: smtp
- Host: cozuns.com
- Port: 587
- Username: [email protected]
- Password: Ku;_MUOVC3;E
Targets
- Target: OSW10953T8I3N.exe
- Size: 758KB
- MD5: 2324eb726442477fd815ef208dea89d8
- SHA1: 384b147072ae53249a6141fd12ae99f29c45c77f
- SHA256: 3638e246dffc1c3aa6feb42adfe4fa4f57ea73cbcc6da8767a1b08db70670009
- SHA512: 4eaef4a02e46fa68e9ae042cc23717afe78caf228613b85fd89fdd1a63f43bf8d82738bd904a6532d38c64a8c8e44ce182b001fe806deceb732f9a0e93680beb
- SSDEEP: 12288:7IsWET/mr9K+22BEEzFatnAGC8fup4YNEaayCwg7/akeCIgJmCVJKG9Hn9l/0VTy:hWtb3BECGZup4YNqyDU/ak0VC+Gx9l/X
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Suspicious use of SetThreadContext