General
Target: dd566ea9737c75cf44885c842a944952d23abc1fb315867b4f07c3b8f37ce01b.exe
Size: 977KB
Sample: 240609-k1q1tsgd7t
MD5: 1165b11c05474471dc47ff054f8e4398
SHA1: 41977ff5db4bac80d999bb8c5d6eceaee6d3b9ea
SHA256: dd566ea9737c75cf44885c842a944952d23abc1fb315867b4f07c3b8f37ce01b
SHA512: 3dc9dbb18a581630daa00bc59d7aee668881c5464ab7b32b2bd65d9e80376c4e3d5029cce902c9576c05c58dc8c46b2ddf44e8b8add692b6065287c617a3cc6d
SSDEEP: 24576:1ggC3c6a+JXEbSEnORzgF4hWV5ukNaEIkq1BYyS+TigtY+VT3rMxV:1/YJXEbS9FkV5ukNaEL2uySuigtY+VTc
Static task: static1
Behavioral task: behavioral1
Sample: dd566ea9737c75cf44885c842a944952d23abc1fb315867b4f07c3b8f37ce01b.exe
Resource: win7-20240221-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.iaa-airferight.com
Port: 587
Username: [email protected]
Password: webmaster
Email To: [email protected]
Targets
Target: dd566ea9737c75cf44885c842a944952d23abc1fb315867b4f07c3b8f37ce01b.exe
AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext