General
-
Target
0eb51ec984a24a6b477f978a784c3bcbda534779b9c9dcbff4e2cd299b0a9109
-
Size
618KB
-
Sample
240523-bgskwafh2x
-
MD5
3f40d72c0e675dc5615c5ecc2edd94fd
-
SHA1
211eab98acaa8231eefd5398274b0b965501e399
-
SHA256
0eb51ec984a24a6b477f978a784c3bcbda534779b9c9dcbff4e2cd299b0a9109
-
SHA512
4a1dcdcbe02faf93e23b847e1aa52e2d281f1018c0fac5e77a61d1b728466603d6f6f0097c99f53a4fc4a41993a35e7fa6ed129b0f29abd35df7e5efa6dc62b1
-
SSDEEP
12288:hLPGQ7ve2zVD4KrR3CzgtgdbIim6lTL600g1uwPAfS+x9geRUjJFPY0Wh:te08Krh1glIimGTe03qdKJBfY
Static task
static1
Behavioral task
behavioral1
Sample
0eb51ec984a24a6b477f978a784c3bcbda534779b9c9dcbff4e2cd299b0a9109.exe
Resource
win7-20240508-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.ionos.com - Port:
587 - Username:
[email protected] - Password:
S@les1@emis@fe2023! - Email To:
[email protected]
Targets
-
-
Target
0eb51ec984a24a6b477f978a784c3bcbda534779b9c9dcbff4e2cd299b0a9109
-
Size
618KB
-
MD5
3f40d72c0e675dc5615c5ecc2edd94fd
-
SHA1
211eab98acaa8231eefd5398274b0b965501e399
-
SHA256
0eb51ec984a24a6b477f978a784c3bcbda534779b9c9dcbff4e2cd299b0a9109
-
SHA512
4a1dcdcbe02faf93e23b847e1aa52e2d281f1018c0fac5e77a61d1b728466603d6f6f0097c99f53a4fc4a41993a35e7fa6ed129b0f29abd35df7e5efa6dc62b1
-
SSDEEP
12288:hLPGQ7ve2zVD4KrR3CzgtgdbIim6lTL600g1uwPAfS+x9geRUjJFPY0Wh:te08Krh1glIimGTe03qdKJBfY
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-