General
-
Target
6757fdf010a7f13414a4d7285597b0b7b950d7766bdc591c87ab4176ec15a477.rar
-
Size
606KB
-
Sample
240523-bbpxssfe9x
-
MD5
ff6ac6306f1c3b42d9554ff4af13c26f
-
SHA1
1487c174104dbe45b62825617a194ecb3f4fffe8
-
SHA256
6757fdf010a7f13414a4d7285597b0b7b950d7766bdc591c87ab4176ec15a477
-
SHA512
c6d5aaad9ea474fd5d1473d721bf9f017eb3922443540a3802c2f9b960486f61fd89b264a67337e76da2a5ee7dbb62d636d70c64d154ab90a0f5358de2cd7c05
-
SSDEEP
12288:R6J2FiKx7FWC4+fm7POhbbMvu4TIvvXI+qlaFT9L2I6PnPGGkP+j1pe295:gLKx7n4++7WpAvu4TIvvY+qAL2IAPPjB
Static task
static1
Behavioral task
behavioral1
Sample
PO82107048.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
PO82107048.exe
Resource
win10v2004-20240426-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.mbarieservicesltd.com - Port:
587 - Username:
[email protected] - Password:
*o9H+18Q4%;M - Email To:
[email protected]
Targets
-
-
Target
PO82107048.exe
-
Size
684KB
-
MD5
04e91a7f1546da0a85e5fc3fd8eaa999
-
SHA1
ab550405abd86070d515bc690bb5192e89d0902a
-
SHA256
8c7a2e6b92c3db88ad183a2a6da6f523be61e4268782fa03c7bd4143f614ece7
-
SHA512
be04801af3deebc3d1fa52be8983124187b3c3fb3454a188fcf10e0de6f74fb9c976d592325528805b52fae5e9a37d49292d3248da22cc2849a85885448faff9
-
SSDEEP
12288:IIbWET/mr9K+22BEEzFatn/0jRgRvFY1lwlib+nKQzC3YnnbnepLTx7:tWtb3BEq1mYDXZonbYLTx7
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-