General
-
Target
9379798252e9415cbe2737a424e70eac365d3ba932ea6fc1d3a7933bbc2ca9e5
-
Size
836KB
-
Sample
240522-b2ff2sgc27
-
MD5
cf1c3f4a4724a6900fa80c50781f2ec6
-
SHA1
3af1dd6bfc6103ad96e6116613eb6308508487ea
-
SHA256
9379798252e9415cbe2737a424e70eac365d3ba932ea6fc1d3a7933bbc2ca9e5
-
SHA512
d821e75e802bfcc847a4a44dbb857249f82e386d51c8cff31bbaa11f664ecb4907b537274b3d0a9f924211869f856ebfff438838ce62f7824523761a3084b774
-
SSDEEP
24576:5w4bjw4bYD/+YorJLfgFlHJomu1Gm9l7:5w4bjw4bYb+Yo1fgFlHWmuAmL
Static task
static1
Behavioral task
behavioral1
Sample
9379798252e9415cbe2737a424e70eac365d3ba932ea6fc1d3a7933bbc2ca9e5.exe
Resource
win7-20240221-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.leema.lk
Port: 587
Username: [email protected]
Password: V[3ALIg~jl}T
Email To: [email protected]
Extracted
Protocol: smtp
Host: mail.leema.lk
Port: 587
Username: [email protected]
Password: V[3ALIg~jl}T
Targets
-
Target
9379798252e9415cbe2737a424e70eac365d3ba932ea6fc1d3a7933bbc2ca9e5
-
Size
836KB
-
MD5
cf1c3f4a4724a6900fa80c50781f2ec6
-
SHA1
3af1dd6bfc6103ad96e6116613eb6308508487ea
-
SHA256
9379798252e9415cbe2737a424e70eac365d3ba932ea6fc1d3a7933bbc2ca9e5
-
SHA512
d821e75e802bfcc847a4a44dbb857249f82e386d51c8cff31bbaa11f664ecb4907b537274b3d0a9f924211869f856ebfff438838ce62f7824523761a3084b774
-
SSDEEP
24576:5w4bjw4bYD/+YorJLfgFlHJomu1Gm9l7:5w4bjw4bYb+Yo1fgFlHWmuAmL
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up the country code configured in the registry, likely as a geofence check.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-