General

- Target: 50a04e6365ff52ca1c6f926a30edeeff8c1c44283b2f2b0fcb5ba1e0476e9be2
- Size: 676KB
- Sample: 240523-c2r1hsba39
- MD5: 585db3a8eed13f1a2bbc01d118687b40
- SHA1: 8b6816112d5387f3e1c87568c7a2741fb630687b
- SHA256: 50a04e6365ff52ca1c6f926a30edeeff8c1c44283b2f2b0fcb5ba1e0476e9be2
- SHA512: af14f6a1e705aa9a08ad49a51e57351c5487d16d7f8dcca9cbae85d18adbb159848ab6cc46356f7648d643d2d4cef4f2890936997ec5c13a881576b6fe614e07
- SSDEEP: 12288:eSyi8LkpEawtl6Y66BMWwjQ2KNewh7fpqnnFvssj8jPqkIHBSvf5F2G06aWquqzm:FjEVpGWs/q7QnnFHjaPwhSmGXaEn/
Static task: static1
Behavioral task: behavioral1
- Sample: 50a04e6365ff52ca1c6f926a30edeeff8c1c44283b2f2b0fcb5ba1e0476e9be2.exe
- Resource: win7-20240221-en
Malware Config

Extracted: agenttesla
- Protocol: smtp
- Host: mail.greenimpressionbd.com
- Port: 587
- Username: [email protected]
- Password: Rumizaman123
- Email To: [email protected]
Targets

- Target: 50a04e6365ff52ca1c6f926a30edeeff8c1c44283b2f2b0fcb5ba1e0476e9be2
- Size: 676KB
- MD5: 585db3a8eed13f1a2bbc01d118687b40
- SHA1: 8b6816112d5387f3e1c87568c7a2741fb630687b
- SHA256: 50a04e6365ff52ca1c6f926a30edeeff8c1c44283b2f2b0fcb5ba1e0476e9be2
- SHA512: af14f6a1e705aa9a08ad49a51e57351c5487d16d7f8dcca9cbae85d18adbb159848ab6cc46356f7648d643d2d4cef4f2890936997ec5c13a881576b6fe614e07
- SSDEEP: 12288:eSyi8LkpEawtl6Y66BMWwjQ2KNewh7fpqnnFvssj8jPqkIHBSvf5F2G06aWquqzm:FjEVpGWs/q7QnnFHjaPwhSmGXaEn/

Signatures

- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Checks computer location settings
  Looks up the country code configured in the registry, likely as a geofence check.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext