General
-
Target
182873a3506ff1672872df4e60f3ab692395d4d8aa736815e3f3246a05d22e0a
-
Size
776KB
-
Sample
240524-brxmksgd23
-
MD5
dbd661f87b1e5ab77f8aa040b0372beb
-
SHA1
887fe37f8771ae5fb7c7d802dada935d9f26cf67
-
SHA256
182873a3506ff1672872df4e60f3ab692395d4d8aa736815e3f3246a05d22e0a
-
SHA512
cda5a9f1d4355051a03b08bb03295027d3ea64067b49e76cee0094f62fa07608a2700f937791612067aaaf06e6c2b144669852d535347f2f872ed55f7cd56913
-
SSDEEP
12288:rPJPZAXZLD66F/i6macKmdijSATSTO9A8lJPm0T87v08+Dsw/nxS8Kjj7tWmcgQx:rhPZgL2i/i6mxK9BOTOeT7c+F3wmj6F
Static task
static1
Behavioral task
behavioral1
Sample
182873a3506ff1672872df4e60f3ab692395d4d8aa736815e3f3246a05d22e0a.exe
Resource
win7-20240221-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.ionos.com
Port: 587
Username: [email protected]
Password: S@les1@emis@fe2023!
Email To: [email protected]
Targets
-
Target
182873a3506ff1672872df4e60f3ab692395d4d8aa736815e3f3246a05d22e0a
-
Size
776KB
-
MD5
dbd661f87b1e5ab77f8aa040b0372beb
-
SHA1
887fe37f8771ae5fb7c7d802dada935d9f26cf67
-
SHA256
182873a3506ff1672872df4e60f3ab692395d4d8aa736815e3f3246a05d22e0a
-
SHA512
cda5a9f1d4355051a03b08bb03295027d3ea64067b49e76cee0094f62fa07608a2700f937791612067aaaf06e6c2b144669852d535347f2f872ed55f7cd56913
-
SSDEEP
12288:rPJPZAXZLD66F/i6macKmdijSATSTO9A8lJPm0T87v08+Dsw/nxS8Kjj7tWmcgQx:rhPZgL2i/i6mxK9BOTOeT7c+F3wmj6F
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
-
Suspicious use of SetThreadContext