General
-
Target
1c47aec0da0d2085fe47ac978d556175410056f85c1da7b6c13b3e599432d687
-
Size
836KB
-
Sample
240522-b2l9lagd8v
-
MD5
0e82f257488485107ca89c6fe560847f
-
SHA1
ca2d4606d85f3d13ca28724a065f9b39813e097d
-
SHA256
1c47aec0da0d2085fe47ac978d556175410056f85c1da7b6c13b3e599432d687
-
SHA512
c7ed74ddfed55382cebdef4bd6efb1f39e7d932241a24f2cfcac7f08e91a6f278515d3e2dc042973614f0db3ef11bce76881566a8dbe53daff5fc85d0dc1194e
-
SSDEEP
24576:fw4bjw4bgo+RLvXK/54VbTtU0gnCTtFV7:fw4bjw4bgoKgydTtwotf
Static task
static1
Behavioral task
behavioral1
Sample
1c47aec0da0d2085fe47ac978d556175410056f85c1da7b6c13b3e599432d687.exe
Resource
win7-20240221-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.cash4cars.nz
Port: 587
Username: [email protected]
Password: logs2024!
Email To: [email protected]
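The extracted config above is the most actionable part of the report: it names the mailbox the stolen data goes to and the host and port the sample connects to. The following is an added triage helper, not part of the sandbox report and not code from the sample. It hunts a live Windows host for the report's SHA256 and for SMTP-submission traffic to the configured host. The function names, the search paths and the list of "known mail clients" are assumptions; it needs Windows 10 / Server 2016 or later for Get-DnsClientCache and Get-NetTCPConnection and should run elevated so owning processes resolve.

```powershell
# Added example, not part of the sandbox report. Hunts a Windows host for the
# indicators listed above: the sample's SHA256 and the SMTP exfiltration endpoint.
# Function names, search paths and the mail-client allow-list are assumptions.

# Indicators copied from the report's General section and extracted config.
$Sha256   = '1c47aec0da0d2085fe47ac978d556175410056f85c1da7b6c13b3e599432d687'
$SmtpHost = 'mail.cash4cars.nz'
$SmtpPort = 587

# Processes that legitimately speak SMTP submission on 587 (assumed; tune per estate).
$KnownMailClients = @('outlook', 'thunderbird')

function Find-ReportedSample {
    # SHA256-hash executables in the usual drop locations and return paths that match.
    param([string[]]$Path = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP, "$env:USERPROFILE\Downloads"))
    Get-ChildItem -Path $Path -Recurse -File -Filter *.exe -ErrorAction SilentlyContinue |
        Where-Object { (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash -ieq $Sha256 } |
        Select-Object -ExpandProperty FullName
}

function Find-ExfilConnections {
    # The config sends stolen data to $SmtpHost on TCP/$SmtpPort. First check whether
    # the host was resolved on this machine (the cache survives until TTL expiry or reboot).
    $cached = @(Get-DnsClientCache -ErrorAction SilentlyContinue |
        Where-Object { $_.Entry -ieq $SmtpHost })
    # Keep only records whose Data is an IP address (A/AAAA), not CNAME targets.
    $c2Ips = @($cached |
        Where-Object { $ip = $null; [System.Net.IPAddress]::TryParse($_.Data, [ref]$ip) } |
        Select-Object -ExpandProperty Data)

    # Then rate every connection to the submission port: peer is a cached C2 address,
    # or the owning process is not a mail client (Agent Tesla speaks SMTP itself).
    foreach ($c in Get-NetTCPConnection -RemotePort $SmtpPort -ErrorAction SilentlyContinue) {
        $proc     = Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue
        $procName = if ($proc) { $proc.ProcessName } else { '<exited>' }
        $hitsC2   = $c2Ips -contains $c.RemoteAddress
        $oddProc  = $proc -and ($KnownMailClients -notcontains $procName.ToLower())
        $verdict  = if ($hitsC2) { 'C2 host from report' }
                    elseif ($oddProc) { 'SMTP from non-mail process' }
                    else { 'likely benign' }
        [pscustomobject]@{
            RemoteAddress = $c.RemoteAddress
            State         = $c.State
            ProcessId     = $c.OwningProcess
            Process       = $procName
            Verdict       = $verdict
        }
    }
    if ($cached) { Write-Warning "DNS cache holds $SmtpHost -> $($c2Ips -join ', ')" }
}

# Assumed usage:
#   Find-ReportedSample
#   Find-ExfilConnections | Format-Table -AutoSize
```

Port 587 alone is a weak signal because real mail clients use it too; the combination of the report's host and a non-mail owning process is what to alert on. The username and password in the config belong to the attacker's (or a compromised victim's) mailbox: record them as indicators and report them to the mail provider rather than logging in with them.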
Targets
-
-
Target
1c47aec0da0d2085fe47ac978d556175410056f85c1da7b6c13b3e599432d687
-
Size
836KB
-
MD5
0e82f257488485107ca89c6fe560847f
-
SHA1
ca2d4606d85f3d13ca28724a065f9b39813e097d
-
SHA256
1c47aec0da0d2085fe47ac978d556175410056f85c1da7b6c13b3e599432d687
-
SHA512
c7ed74ddfed55382cebdef4bd6efb1f39e7d932241a24f2cfcac7f08e91a6f278515d3e2dc042973614f0db3ef11bce76881566a8dbe53daff5fc85d0dc1194e
-
SSDEEP
24576:fw4bjw4bgo+RLvXK/54VbTtU0gnCTtFV7:fw4bjw4bgoKgydTtwotf
-
AgentTesla
Agent Tesla is a .NET-based information stealer and remote access tool (RAT). It harvests credentials, keystrokes and screenshots and exfiltrates them over SMTP, FTP, HTTP or Telegram; the config extracted above shows this build using SMTP.
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths and processes so that its own files and processes are not scanned.
-
Checks computer location settings
Reads the country code configured in the registry, most likely as a geofence so the sample can refuse to run in particular countries.
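The two signatures above (Defender exclusions set from PowerShell, and the registry country lookup) are the host-side traces a responder can check for. The following is an added triage helper, not part of the sandbox report and not the sample's code. Function names are assumptions, as is the registry key the location check is taken to read (the report does not name it). Run elevated: newer Defender builds hide exclusion lists from non-admins and the Defender operational log needs admin rights.

```powershell
# Added example, not part of the sandbox report. Audits a Windows host for the two
# behaviours flagged above. Function names are assumptions; the Geo key is an
# assumption about what the "Checks computer location settings" signature inspects.

function Get-DefenderExclusionEvidence {
    # 1. What Defender currently excludes. An empty result means the exclusions were
    #    removed again or never applied (for example, Tamper Protection blocked them).
    $pref = Get-MpPreference
    [pscustomobject]@{
        Source     = 'Get-MpPreference'
        Time       = Get-Date
        Change     = "Paths=$($pref.ExclusionPath -join ';') Ext=$($pref.ExclusionExtension -join ';') Proc=$($pref.ExclusionProcess -join ';')"
    }

    # 2. Defender logs event 5007 for every configuration change; the message names the
    #    registry value that changed, e.g. "New value: HKLM\SOFTWARE\Microsoft\Windows
    #    Defender\Exclusions\Paths\C:\Users\... = 0x0". Filter to the Exclusions subtree.
    Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-Windows Defender/Operational'; Id = 5007
    } -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match '\\Exclusions\\' } |
        ForEach-Object {
            $newValue = ($_.Message -split '\r?\n' | Where-Object { $_ -match 'New value' } | Select-Object -First 1) -replace '^\s+', ''
            [pscustomobject]@{ Source = 'Event 5007'; Time = $_.TimeCreated; Change = $newValue }
        }

    # 3. With script block logging enabled, event 4104 captures the PowerShell that made
    #    the change. Add-MpPreference is the cmdlet such changes normally go through;
    #    the report does not show the sample's exact command line.
    Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104
    } -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match '(Add|Set)-MpPreference\s+-Exclusion' } |
        ForEach-Object {
            [pscustomobject]@{ Source = 'Event 4104'; Time = $_.TimeCreated; Change = $_.Message }
        }
}

function Remove-DefenderExclusion {
    # Roll back exclusions once confirmed malicious (record them first for the case file).
    param([string[]]$Path, [string[]]$Extension, [string[]]$Process)
    if ($Path)      { Remove-MpPreference -ExclusionPath $Path }
    if ($Extension) { Remove-MpPreference -ExclusionExtension $Extension }
    if ($Process)   { Remove-MpPreference -ExclusionProcess $Process }
}

function Get-GeoNationSetting {
    # Assumption: the location check reads the per-user GeoID at
    # HKCU\Control Panel\International\Geo (Nation = numeric GeoID, e.g. 244 = United
    # States; Name = two-letter code, present on newer Windows 10 builds but not on the
    # Win7 image used in this report). This only shows what a geofenced sample would
    # see on this host; it is not evidence of infection by itself.
    $geo = Get-ItemProperty -Path 'HKCU:\Control Panel\International\Geo' -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Nation = $geo.Nation
        Name   = $geo.Name
    }
}

# Assumed usage:
#   Get-DefenderExclusionEvidence | Format-List
#   Get-GeoNationSetting
```

Event 5007 is the durable record: it is written even when the exclusion is later removed, so it is the field to collect fleet-wide. Where Sysmon is deployed, registry value writes under HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions also appear as Sysmon event 13 and can be correlated with the PowerShell process that performed them.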
-
Suspicious use of SetThreadContext
SetThreadContext is the API that process hollowing and other thread-hijacking injection techniques use to point a thread at injected code; the report does not identify the target process.
-