General
- Target: f23baba313fea263a91462230af31755b31c40ec40e79b39b855712599246339
- Size: 668KB
- Sample: 240523-b62vvahd44
- MD5: 65c8dd7a47ca0eacc8027671c6c0891c
- SHA1: 21e633d91ec91b2291edeb3af68eae787589bf61
- SHA256: f23baba313fea263a91462230af31755b31c40ec40e79b39b855712599246339
- SHA512: 6523c5db90a8c45224d83748a2a25f3f86025cb000989afa609d705d450f63c16e2f7fae46f398a2ebcdb479a5ca8e9486094776cce1902be8bc2e1e627ce772
- SSDEEP: 12288:6C7UWaSA6GC+iWMGu6t7aoTSyyPjiU0orYItTP9lEQhOAuKpApGdTkJvoFl7xC+C:eWaX7C+iju7aoCjb0oEIXGQbuK2JMxCR
Static task: static1
Behavioral task: behavioral1
Sample: f23baba313fea263a91462230af31755b31c40ec40e79b39b855712599246339.exe
Resource: win7-20231129-en
Malware Config
Extracted
agenttesla
- Protocol: smtp
- Host: cozuns.com
- Port: 587
- Username: [email protected]
- Password: Ku;_MUOVC3;E
- Email To: [email protected]
Extracted
- Protocol: smtp
- Host: cozuns.com
- Port: 587
- Username: [email protected]
- Password: Ku;_MUOVC3;E
Targets
- Target: f23baba313fea263a91462230af31755b31c40ec40e79b39b855712599246339
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Suspicious use of SetThreadContext