General
Target: 33985fc81c8cb810bec882cf1bedb2bf43fee4c7ea3cd60790b41f7bbc638a80
Size: 840KB
Sample: 240522-b4y16sge5z
MD5: 4ec4b10a9d353a18be4cf0f2d1bfc6e1
SHA1: 0e8ffba95197d0c81ce1ebd64a406f903e2c1043
SHA256: 33985fc81c8cb810bec882cf1bedb2bf43fee4c7ea3cd60790b41f7bbc638a80
SHA512: 2307b6276467a624bdf885854f5857da1a8cc15b23af2e28b337febf71057420034fa10575e4726835d64741e9bbb83015ab16cc4a10fe2f7fd81ec6b6953bef
SSDEEP: 12288:FIx504bFtx504bFWxZQHMz90ip4l7n4+wQD6y7O4IZPTTboedF9pO37N:qw4bjw4b8pjMc+wUTq4IPTTboedFvg7
Static task: static1
Behavioral task: behavioral1
Sample: 33985fc81c8cb810bec882cf1bedb2bf43fee4c7ea3cd60790b41f7bbc638a80.exe
Resource: win7-20240221-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: [email protected]
Password: aYl@txL3
Email To: [email protected]
Targets
Target: 33985fc81c8cb810bec882cf1bedb2bf43fee4c7ea3cd60790b41f7bbc638a80
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
Suspicious use of SetThreadContext