General
- Target: 9426dad5acbb8dad59994481ea4714ba775af9ee4775b1283957f51f060f70fd
- Size: 698KB
- Sample: 240524-bpjb6sfh9w
- MD5: 373459ab33f19f694e74ccbe758517bd
- SHA1: 1e7815d201871605ebd0f3ddea1eece8bf8d0637
- SHA256: 9426dad5acbb8dad59994481ea4714ba775af9ee4775b1283957f51f060f70fd
- SHA512: a046e9370b6aba5a0cd74be81083bfe63a7d30c8adef88f1e5b2b80ff861219cdd354f9e4d7d25c115fe2a7501aaabb464544711a5057025e93b996c9c7ca150
- SSDEEP: 12288:mX2AXYMjhvPie/rByY7777777777777UFdPvoldUJA7RyLX4fiymt4If9oTohaSi:mX2AXYMFniyy9DvkobY+fSsaudnlVqhr
Static task
- static1
Behavioral task
- behavioral1
- Sample: 9426dad5acbb8dad59994481ea4714ba775af9ee4775b1283957f51f060f70fd.exe
- Resource: win7-20240508-en
Malware Config
Extracted (agenttesla)
- Protocol: smtp
- Host: smtp.yandex.com
- Port: 587
- Username: [email protected]
- Password: aowapnzgtwgqowgt
- Email To: [email protected]
Extracted
- Protocol: smtp
- Host: smtp.yandex.com
- Port: 587
- Username: [email protected]
- Password: aowapnzgtwgqowgt
Targets
- Target: 9426dad5acbb8dad59994481ea4714ba775af9ee4775b1283957f51f060f70fd (same file as in General above)
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Command and Scripting Interpreter: PowerShell: Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence check.
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext