General
-
Target
72e0f06a668b5d4dea9dc3885225ee3f4e93d006db34c4ca7fca7e5410a569b7
-
Size
781KB
-
Sample
240604-byvfsshd63
-
MD5
b647e1b9325d328cc74b6525e0b0052f
-
SHA1
2cee7c5edfb29610504f822708f9a36a88b7e352
-
SHA256
72e0f06a668b5d4dea9dc3885225ee3f4e93d006db34c4ca7fca7e5410a569b7
-
SHA512
4782aa2df36a50c1abef71a2a92d3dafced6a82e70f7bc926d277b332e57cb812e748e18269e0c58fb762c364a88f32096b1585861e55e661076e4d12cc402aa
-
SSDEEP
24576:IKN5iZhqztyJ6TXPYbKrGfUHRAk4H4444Cr:PN5iZEtbbP2gA2RAk4H4444Cr
Static task
static1
Behavioral task
behavioral1
Sample
72e0f06a668b5d4dea9dc3885225ee3f4e93d006db34c4ca7fca7e5410a569b7.exe
Resource
win7-20240508-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.redsea.so
Port: 587
Username: [email protected]
Password: safiya@123
Email To: [email protected]
Extracted
Protocol: smtp
Host: mail.redsea.so
Port: 587
Username: [email protected]
Password: safiya@123
Targets
-
Target
72e0f06a668b5d4dea9dc3885225ee3f4e93d006db34c4ca7fca7e5410a569b7
-
AgentTesla
Agent Tesla is a .NET-based information stealer and remote access tool (RAT) that harvests credentials and keystrokes and exfiltrates them, in this sample over SMTP to the mail host in the extracted config.
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell (Add-MpPreference) to add Windows Defender exclusions for file extensions, paths and processes so that the dropped payload is not scanned.
-
Checks computer location settings
Reads the country code configured in the registry (typically the Nation value under HKCU\Control Panel\International\Geo), most likely to geofence execution by victim locale.
-
Looks up external IP address via web service
Queries a legitimate public IP-lookup web service to learn the infected host's external IP address, which Agent Tesla includes in its exfiltrated report.
-
Suspicious use of SetThreadContext
Rewriting another thread's context is a classic process-injection/hollowing step: a child process is created suspended, its image is replaced with injected code, and SetThreadContext points the main thread at the new entry point before it resumes.
-
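Added detection example, not part of this sandbox report: a small Python scanner that applies three of the report's behavioral findings (Defender exclusions added with Add-MpPreference, external-IP lookups, and SMTP exfiltration to the extracted C2 host) to constructed telemetry records. The record format, field names and the IP-lookup hostname list are assumptions for illustration; only the SMTP host and port come from the extracted config above.

```python
import re
from typing import Dict, List, Tuple

# Indicators taken from the report's extracted Agent Tesla config (SMTP exfiltration).
C2_SMTP_HOST = "mail.redsea.so"
C2_SMTP_PORT = 587

# Public IP-lookup services that stealers commonly query for the victim's external IP.
# Illustrative list (assumption); the report does not name the service this sample used.
IP_LOOKUP_HOSTS = {
    "api.ipify.org",
    "checkip.dyndns.org",
    "checkip.amazonaws.com",
    "ip-api.com",
    "icanhazip.com",
    "ifconfig.me",
}

# One Add-MpPreference invocation: everything up to a statement separator.
CMD_RE = re.compile(r"Add-MpPreference\b([^\n;|]*)", re.IGNORECASE)
# Exclusion parameters within that invocation; the value is either a quoted string
# (may contain spaces) or a bare token (may be a comma-separated list).
PARAM_RE = re.compile(
    r"-Exclusion(Path|Extension|Process)\s+('[^']*'|\"[^\"]*\"|[^\s;|]+)", re.IGNORECASE
)


def defender_exclusions(script_text: str) -> List[Tuple[str, str]]:
    """Return (kind, value) pairs for every Defender exclusion a script block adds."""
    found: List[Tuple[str, str]] = []
    for cmd in CMD_RE.finditer(script_text):
        for p in PARAM_RE.finditer(cmd.group(1)):
            kind, raw = p.group(1).lower(), p.group(2)
            # Quoted value: keep as one item; bare value: may list several, comma-separated.
            values = [raw[1:-1]] if raw[0] in "'\"" else raw.split(",")
            found.extend((kind, v) for v in values if v)
    return found


def scan(events: List[Dict]) -> List[str]:
    """Apply the three behavioral checks to a list of telemetry records (constructed format)."""
    findings: List[str] = []
    for ev in events:
        kind = ev["event"]
        if kind == "ps_scriptblock":          # PowerShell script block text (cf. Event ID 4104)
            for excl_kind, value in defender_exclusions(ev["text"]):
                findings.append(f"defender_exclusion:{excl_kind}={value}")
        elif kind == "dns_query":             # DNS query (cf. Sysmon Event ID 22)
            if ev["host"].lower() in IP_LOOKUP_HOSTS:
                findings.append(f"external_ip_lookup:{ev['host']}")
        elif kind == "net_connect":           # outbound connection (cf. Sysmon Event ID 3)
            if ev["host"].lower() == C2_SMTP_HOST and ev["port"] == C2_SMTP_PORT:
                findings.append(f"agenttesla_smtp_exfil:{ev['host']}:{ev['port']}")
    return findings


# Constructed telemetry resembling what the sandboxed sample would produce (not real logs).
SAMPLE_EVENTS = [
    {"event": "ps_scriptblock",
     "text": "Add-MpPreference -ExclusionPath 'C:\\Users\\Public\\update' "
             "-ExclusionExtension .exe,.dll; Add-MpPreference -ExclusionProcess svchost32.exe"},
    {"event": "dns_query", "host": "api.ipify.org"},
    {"event": "net_connect", "host": "mail.redsea.so", "port": 587},
    {"event": "net_connect", "host": "www.microsoft.com", "port": 443},
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

The exclusion parser splits invocations on statement separators first and then pulls every -Exclusion* parameter from each one, so a single Add-MpPreference call that adds several exclusion kinds, or a comma-separated list of extensions, yields one finding per excluded item; a benign Set-MpPreference call produces nothing.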