General
Target: 7492f02aa1b14cf0841d24258ee474eee5e37f4bffc2d2ee7913676e8e6f0737.exe
Size: 698KB
Sample: 240524-nvl2gafg67
MD5: 1936f9e785d92a881fc7ed6a82817954
SHA1: b4e306b0a6229745c7cb37a928dc08f59df61769
SHA256: 7492f02aa1b14cf0841d24258ee474eee5e37f4bffc2d2ee7913676e8e6f0737
SHA512: 793c982bdf1277f9ce68d30f9e4383530e47d2a9e024af2208be78d754901c4f158189417c4cdd25dac0efbe9bffd1e4d06b8f8d06a9e396e30a830555a768c5
SSDEEP: 12288:aajAXYMjhvPie/rByY7777777777777vAxBWfDtrn6cJHvafzKx9gp+nmnXlN3+X:aajAXYMFniyy+AxUfZ6oifzIgomnXlNP
Static task: static1
Behavioral task: behavioral1
Sample: 7492f02aa1b14cf0841d24258ee474eee5e37f4bffc2d2ee7913676e8e6f0737.exe
Resource: win7-20240221-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.afsolutions.gr
Port: 587
Username: [email protected]
Password: Vhtd31!5
Email To: [email protected]
Targets
Target: 7492f02aa1b14cf0841d24258ee474eee5e37f4bffc2d2ee7913676e8e6f0737.exe
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Command and Scripting Interpreter: PowerShell: Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Suspicious use of SetThreadContext