General
Target: b645571a85583af707b1d6137bb64a5666d80508f77f755e8f41f6de79719659
Size: 850KB
Sample: 240604-camxgshc9t
MD5: ff5f157e3964dad4aea78fcc4803fd80
SHA1: c4ab113248649fedb2d5ace38317985cea40701a
SHA256: b645571a85583af707b1d6137bb64a5666d80508f77f755e8f41f6de79719659
SHA512: f5c55caef090bccb2e91c2808fe11fb3926eab4f37a31dc71133499ed72631558e07e0c2c46d6acc969c4572a664518f2af90c5988a49e7bbfc07297418e3709
SSDEEP: 24576:LMYe6rN5i8nx0aOeSSN5dUPDhPrr5uKI:LMYeCN5i8nvOq+PrtrI
Static task: static1
Behavioral task: behavioral1
Sample: b645571a85583af707b1d6137bb64a5666d80508f77f755e8f41f6de79719659.exe
Resource: win7-20240221-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.vidaflag.si
Port: 587
Username: [email protected]
Password: Vidaflag15
Email To: [email protected]

Extracted
Protocol: smtp
Host: mail.vidaflag.si
Port: 587
Username: [email protected]
Password: Vidaflag15
Targets
Target: b645571a85583af707b1d6137bb64a5666d80508f77f755e8f41f6de79719659
Size: 850KB
MD5: ff5f157e3964dad4aea78fcc4803fd80
SHA1: c4ab113248649fedb2d5ace38317985cea40701a
SHA256: b645571a85583af707b1d6137bb64a5666d80508f77f755e8f41f6de79719659
SHA512: f5c55caef090bccb2e91c2808fe11fb3926eab4f37a31dc71133499ed72631558e07e0c2c46d6acc969c4572a664518f2af90c5988a49e7bbfc07297418e3709
SSDEEP: 24576:LMYe6rN5i8nx0aOeSSN5dUPDhPrr5uKI:LMYeCN5i8nvOq+PrtrI
Signatures

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence.

Suspicious use of SetThreadContext