General
- Target: d6a6b81a066b5b7a8194929ff127f2c125ccba02a6e8a0319a7cca931cd9788a.zip
- Size: 681KB
- Sample: 240609-lne88sgh2x
- MD5: 32e4201c168e59371bb5ad1895fd5f6b
- SHA1: 268f5254534f282c7a9302ce50b19f89a78b6bb2
- SHA256: d6a6b81a066b5b7a8194929ff127f2c125ccba02a6e8a0319a7cca931cd9788a
- SHA512: 9685eed4f9c3239032bdd6a194068506786adda8deebe8dddcf6282db459f8386fee7986df9c66c7db270562a8b77ffda2971f11441a450a407def014f8a4577
- SSDEEP: 12288:9unaJW+Nq5jjZOyoiZFrjkrqsE4P24lwEeon7m78bPo7p:rNq5hLoiZGqsibJS7m7ePo7p
Static task: static1
Behavioral task: behavioral1
- Sample: STATEMENT OF ACCOUNT.exe
- Resource: win7-20240508-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.springandsummer.lk
- Port: 587
- Username: [email protected]
- Password: anu##323
- Email To: [email protected]
Targets
- Target: STATEMENT OF ACCOUNT.exe
- Size: 779KB
- MD5: c3245f5ed1ef3b1fa4065c8cb4cd27c8
- SHA1: f3bfaf829add69d1c39a5045fba5faa02b345f20
- SHA256: 113e56cc0bb3dca13bf13c0e47a25b102b4f8e7af8b156fc7e6fcd76ba40c8ff
- SHA512: 6a9760e20b5114c56cd31cba377f9fa54812dab6e4e90f533a214b88a519e89c85a84249e02458b7a060635f755833f006134d064b828b73fc3cd36dd228d818
- SSDEEP: 12288:GQt+5v4c5nvCRzsgfZ+E40r9RqTBtF3Q0XsKNr+u9Y6vdjTOM5H0dG1qqQ24FPzn:0BtF3Q0XLCuy6vpfOeH1eCrXW
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Adds Run key to start application
- Suspicious use of SetThreadContext