General
- Target: f5a1fca85008da2247fafe3846709143d53d62ee6d6b156d94ee5d03414ae28f
- Size: 943KB
- Sample: 240604-bwk5cahc58
- MD5: dc9e261e1e8cb99c8258deee26000c6a
- SHA1: 7b2f70bc295a7232a0391c2b614c9ca286e96d16
- SHA256: f5a1fca85008da2247fafe3846709143d53d62ee6d6b156d94ee5d03414ae28f
- SHA512: c51744cff5aec01e9760386aa0365732922bf0b588e4d85b8f2764bf039bae1fce8e736707023a250992241825125ca83f6f045f29a49d05110ed193fc797203
- SSDEEP: 24576:ldNtEVToATcCEo7Dtw9lUHN7mzdW/9YQLZZc:ldwToicFo7Di9l2N74dwh
Static task: static1
Behavioral task: behavioral1
- Sample: f5a1fca85008da2247fafe3846709143d53d62ee6d6b156d94ee5d03414ae28f.exe
- Resource: win7-20240221-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.floormelody.com.sg
- Port: 587
- Username: [email protected]
- Password: FloorMelody0208
- Email To: [email protected]
Extracted
- Protocol: smtp
- Host: mail.floormelody.com.sg
- Port: 587
- Username: [email protected]
- Password: FloorMelody0208
Targets
- Target: f5a1fca85008da2247fafe3846709143d53d62ee6d6b156d94ee5d03414ae28f
- Size: 943KB
- MD5: dc9e261e1e8cb99c8258deee26000c6a
- SHA1: 7b2f70bc295a7232a0391c2b614c9ca286e96d16
- SHA256: f5a1fca85008da2247fafe3846709143d53d62ee6d6b156d94ee5d03414ae28f
- SHA512: c51744cff5aec01e9760386aa0365732922bf0b588e4d85b8f2764bf039bae1fce8e736707023a250992241825125ca83f6f045f29a49d05110ed193fc797203
- SSDEEP: 24576:ldNtEVToATcCEo7Dtw9lUHN7mzdW/9YQLZZc:ldwToicFo7Di9l2N74dwh
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Command and Scripting Interpreter: PowerShell. Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext