General
Target: 2c8a3906090144a978a557057175ac9a35f3fbfe9e3656af816b315e872a0817
Size: 760KB
Sample: 240521-bxkvzadg98
MD5: 824eccab5d0971111499c8d8fa954ad7
SHA1: 47e4d29e8280a9d4e744031e90f9e7013ebf91c2
SHA256: 2c8a3906090144a978a557057175ac9a35f3fbfe9e3656af816b315e872a0817
SHA512: cd4d13dcbdaacad9d8fa7c9bbee03b773a6159624ceb7bf143ea0159a1117a164ab123bd8672b644251d1421533ed6750f0eb4fc3b161c8bf3f8674f5752bab2
SSDEEP: 12288:lIgWET/mr9K+22BEEzFatn/NRUsoAkHz1NglTMaT5472NxgsgtohraXXauyR0Wlj:zWtb3BEPRcAkHzITMOa2NNxaHretJH7r
Static task: static1
Behavioral task: behavioral1
Sample: 2c8a3906090144a978a557057175ac9a35f3fbfe9e3656af816b315e872a0817.exe
Resource: win7-20240220-en
Malware Config
Extracted
Family: agenttesla
Protocol: smtp
Host: mail.leema.lk
Port: 587
Username: [email protected]
Password: V[3ALIg~jl}T
Email To: [email protected]
Extracted
Protocol: smtp
Host: mail.leema.lk
Port: 587
Username: [email protected]
Password: V[3ALIg~jl}T
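The extracted config is the most actionable part of this report: the sample mails stolen credentials to a fixed SMTP host on the submission port. The Python below is an added example (not part of the sandbox report and not the malware's own code) that turns the host and port from the config above into hunt terms and runs them over Zeek-style JSON log lines. The log lines, the clients 10.0.0.5 and 10.0.0.9, the 203.0.113.10 resolution and the timestamps are constructed; the mailbox name and recipient are elided on the page, so they are not used as hunt terms.

```python
"""
Hunt for the SMTP exfiltration channel from the extracted config over
Zeek-style JSON logs (dns.log, conn.log and smtp.log records, one per line).
Added example: host and port come from the config on this page; clients,
resolved IP and timestamps are constructed.
"""
import json
from dataclasses import dataclass

# From the extracted config above. Username and recipient are elided on the
# page, so only the host and port are used as hunt terms.
EXFIL_HOST = "mail.leema.lk"
EXFIL_PORT = 587

# Constructed telemetry: 10.0.0.5 is the infected client, 10.0.0.9 is benign.
SAMPLE_LOGS = [
    '{"_path":"dns","ts":"2024-05-21T10:00:01Z","id.orig_h":"10.0.0.5",'
    '"query":"mail.leema.lk","answers":["203.0.113.10"]}',
    '{"_path":"conn","ts":"2024-05-21T10:00:02Z","id.orig_h":"10.0.0.5",'
    '"id.resp_h":"203.0.113.10","id.resp_p":587,"proto":"tcp"}',
    '{"_path":"smtp","ts":"2024-05-21T10:00:03Z","id.orig_h":"10.0.0.5",'
    '"id.resp_h":"203.0.113.10","id.resp_p":587,"helo":"DESKTOP-TEST","tls":true}',
    '{"_path":"dns","ts":"2024-05-21T10:05:00Z","id.orig_h":"10.0.0.9",'
    '"query":"www.example.com","answers":["93.184.216.34"]}',
    '{"_path":"conn","ts":"2024-05-21T10:05:01Z","id.orig_h":"10.0.0.9",'
    '"id.resp_h":"93.184.216.34","id.resp_p":443,"proto":"tcp"}',
]


@dataclass(frozen=True)
class Hit:
    ts: str
    src: str
    reason: str


def hunt(lines, exfil_host=EXFIL_HOST, exfil_port=EXFIL_PORT):
    """Two passes: first learn which IPs the exfil host resolved to, then flag
    every DNS lookup of the host and every conn/smtp session to one of those
    IPs on the configured port. Resolving first matters because conn.log
    carries only IPs and the address behind the host can change."""
    records = [json.loads(line) for line in lines]
    host = exfil_host.lower()
    resolved = {
        ip
        for r in records
        if r.get("_path") == "dns" and r.get("query", "").lower() == host
        for ip in r.get("answers", [])
    }
    hits = []
    for r in records:
        path = r.get("_path")
        if path == "dns" and r.get("query", "").lower() == host:
            hits.append(Hit(r["ts"], r["id.orig_h"], f"dns lookup of exfil host {host}"))
        elif (path in ("conn", "smtp")
              and r.get("id.resp_h") in resolved
              and r.get("id.resp_p") == exfil_port):
            hits.append(Hit(r["ts"], r["id.orig_h"],
                            f"{path} session to {r['id.resp_h']}:{exfil_port} "
                            f"(resolved from {host})"))
    return hits


def infected_hosts(hits):
    """Distinct internal sources that touched the exfil channel."""
    return sorted({h.src for h in hits})


if __name__ == "__main__":
    found = hunt(SAMPLE_LOGS)
    for h in found:
        print(h.ts, h.src, h.reason)
    print("infected:", infected_hosts(found))
```

Because port 587 normally upgrades to TLS via STARTTLS, the smtp.log record will usually show little beyond the greeting and `tls: true`, which is why the anchor here is the resolved IP plus port rather than mail headers. The hunt returns every source that resolved or connected to the channel, so it also surfaces additional infected hosts beyond the one the sandbox ran.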
Targets
Target: 2c8a3906090144a978a557057175ac9a35f3fbfe9e3656af816b315e872a0817
Size: 760KB
MD5: 824eccab5d0971111499c8d8fa954ad7
SHA1: 47e4d29e8280a9d4e744031e90f9e7013ebf91c2
SHA256: 2c8a3906090144a978a557057175ac9a35f3fbfe9e3656af816b315e872a0817
SHA512: cd4d13dcbdaacad9d8fa7c9bbee03b773a6159624ceb7bf143ea0159a1117a164ab123bd8672b644251d1421533ed6750f0eb4fc3b161c8bf3f8674f5752bab2
SSDEEP: 12288:lIgWET/mr9K+22BEEzFatn/NRUsoAkHz1NglTMaT5472NxgsgtohraXXauyR0Wlj:zWtb3BEPRcAkHzITMOa2NNxaHretJH7r
- AgentTesla
  Agent Tesla is a .NET (Visual Basic) keylogger and credential stealer with remote access tool (RAT) features; this sample exfiltrates over SMTP using the account in the extracted config above.
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths and processes so that the excluded files and processes are no longer scanned.
- Checks computer location settings
  Reads the country code configured in the registry, likely as a geofence that decides whether the sample runs on this host.
- Looks up external IP address via web service
  Uses a legitimate public IP lookup service to learn the infected system's external IP address.
- Suspicious use of SetThreadContext
  Setting the context of a thread in another process is the hallmark of process hollowing and thread hijacking: the payload is written into a (typically suspended) process and the thread's entry point is redirected before it resumes.
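Three of the behaviours above (Defender exclusion tampering via PowerShell, the locale lookup in the registry and the external IP lookup) are visible in ordinary endpoint or sandbox API telemetry. The Python below is an added example (not the sandbox's signature logic and not the malware's code) that triages a small constructed trace for them and, for the Defender case, pulls out exactly which paths, extensions and processes were excluded. The event shape, the registry value names and the list of IP-lookup services are assumptions; the page gives only the behaviours, not the keys or URLs the sample used. The sample file name is the one on this page. SetThreadContext is not covered, since it is an API-trace observation rather than something this log shape carries.

```python
"""
Triage the endpoint behaviours from the report over a constructed API-trace
feed. Added example: event shape, registry key prefixes and IP-lookup hosts
are assumptions; SAMPLE_NAME is the sample from this page.
"""
import re
from urllib.parse import urlparse

SAMPLE_NAME = "2c8a3906090144a978a557057175ac9a35f3fbfe9e3656af816b315e872a0817.exe"

# Assumed list of public IP-lookup services; the page names none.
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com",
                   "ip-api.com", "ifconfig.me", "ipinfo.io"}

# Assumed registry locations a geofence check reads (upper-cased for matching);
# the page gives the behaviour, not the key.
LOCALE_KEY_PREFIXES = (
    r"HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\NLS\LANGUAGE",
    r"HKCU\CONTROL PANEL\INTERNATIONAL",
)

# Add-MpPreference / Set-MpPreference with any of the three exclusion kinds the
# page describes; a value may be quoted or bare, and bare values may be comma lists.
MP_PREF = re.compile(r"\b(?:Add|Set)-MpPreference\b", re.I)
EXCLUSION = re.compile(
    r'-Exclusion(Path|Extension|Process)\s+(?:"([^"]*)"|\'([^\']*)\'|(\S+))', re.I)

# Constructed trace: pid 1100 is the sample, 1200 its PowerShell child,
# 1300 an unrelated benign process.
SAMPLE_EVENTS = [
    {"type": "process", "pid": 1200, "parent": SAMPLE_NAME,
     "cmdline": 'powershell.exe -WindowStyle Hidden -Command Add-MpPreference '
                '-ExclusionPath "C:\\Users\\user\\AppData" -ExclusionExtension exe '
                f'-ExclusionProcess "{SAMPLE_NAME}"'},
    {"type": "registry_read", "pid": 1100,
     "key": r"HKLM\SYSTEM\CurrentControlSet\Control\Nls\Language\InstallLanguage"},
    {"type": "http", "pid": 1100, "url": "http://checkip.dyndns.org/"},
    {"type": "process", "pid": 1300, "parent": "explorer.exe",
     "cmdline": "powershell.exe -Command Get-MpPreference"},
    {"type": "registry_read", "pid": 1300,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"},
    {"type": "http", "pid": 1300, "url": "https://www.example.com/"},
]


def parse_exclusions(cmdline):
    """Extract the exclusions from a Defender-tampering command line so the
    responder knows exactly what was whitelisted and can remove it."""
    out = {"Path": [], "Extension": [], "Process": []}
    for kind, dq, sq, bare in EXCLUSION.findall(cmdline):
        value = dq or sq or bare
        out[kind.capitalize()].extend(v.strip() for v in value.split(",") if v.strip())
    return out


def triage(events):
    """Map each event onto the behaviour it evidences. Events matching none
    (Get-MpPreference, ordinary registry reads, normal web traffic) are ignored."""
    findings = {"defender_exclusion": [], "locale_check": [], "external_ip_lookup": []}
    for e in events:
        kind = e["type"]
        if kind == "process" and MP_PREF.search(e.get("cmdline", "")):
            findings["defender_exclusion"].append(
                {"pid": e["pid"], "parent": e.get("parent"),
                 "exclusions": parse_exclusions(e["cmdline"])})
        elif kind == "registry_read" and e["key"].upper().startswith(LOCALE_KEY_PREFIXES):
            findings["locale_check"].append({"pid": e["pid"], "key": e["key"]})
        elif kind == "http":
            host = (urlparse(e["url"]).hostname or "").lower()
            if host in IP_LOOKUP_HOSTS:
                findings["external_ip_lookup"].append({"pid": e["pid"], "host": host})
    return findings


if __name__ == "__main__":
    for behaviour, evidence in triage(SAMPLE_EVENTS).items():
        print(behaviour, evidence)
```

The parent field on the Defender finding is what separates this from an administrator running the same cmdlet: a PowerShell child of a user-profile executable adding its own parent to the process exclusions is the pattern to alert on. The extracted exclusion list doubles as the remediation checklist, since each entry has to be removed again before Defender will scan the dropped files.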