General
-
Target
030c3ed1ceddcc1ab76f96f7a4db51d534103609b8a905e7eeb9f4d514441195
-
Size
656KB
-
Sample
240523-c3m3ysag9v
-
MD5
cf5e57ce511348f437755117514c6f5e
-
SHA1
9b9e860fca8e6113678fd53b5b59648dc2f0f329
-
SHA256
030c3ed1ceddcc1ab76f96f7a4db51d534103609b8a905e7eeb9f4d514441195
-
SHA512
1e89dc3816559e49ceaa661d5834b092f259d196261d7ecaf44c98b6cd76e27d8dbfd0790cb08836ea18b07dc38d32b5b3746fcd433f987b3326b1bf6cf389c3
-
SSDEEP
12288:MOzi8LkpEaK1uaeDuml4NjQ+fYt0siDAwkbljbDDImBw3a0oUygx6JGP4HG2TdeR:MO2jEz3p5NjAasi0rbF/DImBwq0vyCiJ
Static task
static1
Behavioral task
behavioral1
Sample
030c3ed1ceddcc1ab76f96f7a4db51d534103609b8a905e7eeb9f4d514441195.exe
Resource
win7-20240508-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.magna.com.pk - Port:
587 - Username:
[email protected] - Password:
Ahp6wqxfZb)D - Email To:
[email protected]
Targets
-
-
Target
030c3ed1ceddcc1ab76f96f7a4db51d534103609b8a905e7eeb9f4d514441195
-
Size
656KB
-
MD5
cf5e57ce511348f437755117514c6f5e
-
SHA1
9b9e860fca8e6113678fd53b5b59648dc2f0f329
-
SHA256
030c3ed1ceddcc1ab76f96f7a4db51d534103609b8a905e7eeb9f4d514441195
-
SHA512
1e89dc3816559e49ceaa661d5834b092f259d196261d7ecaf44c98b6cd76e27d8dbfd0790cb08836ea18b07dc38d32b5b3746fcd433f987b3326b1bf6cf389c3
-
SSDEEP
12288:MOzi8LkpEaK1uaeDuml4NjQ+fYt0siDAwkbljbDDImBw3a0oUygx6JGP4HG2TdeR:MO2jEz3p5NjAasi0rbF/DImBwq0vyCiJ
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-