General
-
Target
d966d9141e6f7648149e38012fc8bcdb9734247521b82922bb354243805dcf39.exe
-
Size
677KB
-
Sample
240601-w1brpabf47
-
MD5
570e9b4a9ab96322ea6062acd5f68a90
-
SHA1
713f9ec3d66a473234eecb9895ec6dfc103e165c
-
SHA256
d966d9141e6f7648149e38012fc8bcdb9734247521b82922bb354243805dcf39
-
SHA512
21130539ea010e55bbc3f31b33e8582a776f187172dbf39abb60f5c7076d00004eb34a41d95dca68e8d548b766158c70734ed9a0407badd3e67b69ea5295e37d
-
SSDEEP
12288:9DR+RDgHCN1ZB4PNRECO8+dInETxDG5CmtwPqv3q5+mFl5FQZA:nIDgq1ZB40pdIKOWPqSu
Static task
static1
Behavioral task
behavioral1
Sample
d966d9141e6f7648149e38012fc8bcdb9734247521b82922bb354243805dcf39.exe
Resource
win7-20240221-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
srv.masternic.net - Port:
587 - Username:
[email protected] - Password:
-H{2Szxi!%qb - Email To:
[email protected]
Targets
-
-
Target
d966d9141e6f7648149e38012fc8bcdb9734247521b82922bb354243805dcf39.exe
-
Size
677KB
-
MD5
570e9b4a9ab96322ea6062acd5f68a90
-
SHA1
713f9ec3d66a473234eecb9895ec6dfc103e165c
-
SHA256
d966d9141e6f7648149e38012fc8bcdb9734247521b82922bb354243805dcf39
-
SHA512
21130539ea010e55bbc3f31b33e8582a776f187172dbf39abb60f5c7076d00004eb34a41d95dca68e8d548b766158c70734ed9a0407badd3e67b69ea5295e37d
-
SSDEEP
12288:9DR+RDgHCN1ZB4PNRECO8+dInETxDG5CmtwPqv3q5+mFl5FQZA:nIDgq1ZB40pdIKOWPqSu
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-