General
-
Target
8fa8baa69a115618025f4e426dca60191ba592af3ef3762a9dd711d0ae6b2186
-
Size
712KB
-
Sample
240612-b2hleaxhng
-
MD5
2eb9741462ba922893fbfb57e039cde2
-
SHA1
690a649aae90aa2f941e6bebd24d65a77794d483
-
SHA256
8fa8baa69a115618025f4e426dca60191ba592af3ef3762a9dd711d0ae6b2186
-
SHA512
3ec3e262296a4fade2ee817c9996426506f5eeb4236916a76462bd7a34f2276535aca516860264b38a3319b6a9b98b43a073ab3ba0114f4abc68e51dd394c9a0
-
SSDEEP
12288:tX0pxcV36Di8BtLij39aNYC3ji09SSglOsEtP3TpvbelYeu+jhxJmn+tC:hBFKUpMYAjf9yOsEl3TNelYRehxJP
Static task
static1
Behavioral task
behavioral1
Sample
8fa8baa69a115618025f4e426dca60191ba592af3ef3762a9dd711d0ae6b2186.exe
Resource
win7-20240508-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.mail.ru
Port: 587
Username: [email protected]
Password: UTnvW5dz75jGBbW1X3tu
Email To: [email protected]
Targets
-
-
Target
8fa8baa69a115618025f4e426dca60191ba592af3ef3762a9dd711d0ae6b2186
-
Size
712KB
-
MD5
2eb9741462ba922893fbfb57e039cde2
-
SHA1
690a649aae90aa2f941e6bebd24d65a77794d483
-
SHA256
8fa8baa69a115618025f4e426dca60191ba592af3ef3762a9dd711d0ae6b2186
-
SHA512
3ec3e262296a4fade2ee817c9996426506f5eeb4236916a76462bd7a34f2276535aca516860264b38a3319b6a9b98b43a073ab3ba0114f4abc68e51dd394c9a0
-
SSDEEP
12288:tX0pxcV36Di8BtLij39aNYC3ji09SSglOsEtP3TpvbelYeu+jhxJmn+tC:hBFKUpMYAjf9yOsEl3TNelYRehxJP
-
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer (early builds were written in Visual Basic .NET). It harvests credentials and keystrokes and exfiltrates them over SMTP, FTP or HTTP; the extracted config above shows this sample using SMTP to smtp.mail.ru on port 587.
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
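The exclusion-tampering behaviour flagged above is easy to spot in PowerShell Script Block Logging (Event ID 4104) or process command lines, provided the detection survives the two things droppers routinely do: abbreviate parameter names (PowerShell accepts any unambiguous prefix, so -ExclusionPa means -ExclusionPath) and hide the command behind -EncodedCommand. The following is an added example written for this page, not code from the report or from the sandbox; the events it scans are constructed to resemble what the sample does, and the cmdlet and parameter names are Microsoft's real Defender cmdlets, but nothing here is taken from the sample itself.

```python
import base64
import binascii
import re

# Constructed sample events (not taken from the report): four script-block
# texts and one raw command line carrying an -EncodedCommand payload.
SAMPLE_EVENTS = [
    'Add-MpPreference -ExclusionPath "C:\\Users\\Public\\svchost.exe"',
    'Set-MpPreference -ExclusionExtension .exe,.dll -ExclusionProcess "RegAsm.exe"',
    # abbreviated parameter name and lower case, both accepted by PowerShell
    'add-mppreference -exclusionpa C:\\ProgramData',
    # benign: reads the exclusion list, must not fire
    'Get-MpPreference | Select-Object ExclusionPath',
    'powershell.exe -NoP -W Hidden -EncodedCommand '
    + base64.b64encode(
        'Add-MpPreference -ExclusionProcess "MSBuild.exe"'.encode("utf-16le")
    ).decode(),
]

CMDLET_RE = re.compile(r"(?i)\b(add|set)-mppreference\b")
# Any -Exclusion* parameter, including PowerShell prefix abbreviations.
EXCL_PARAM_RE = re.compile(r"(?i)-(exclusion[a-z]*)")
# -EncodedCommand and the short forms PowerShell accepts (-e, -ec, -enc, ...)
# followed by a base64 blob.
ENCODED_RE = re.compile(r"(?i)-e(?:c|n[a-z]*)?\s+([A-Za-z0-9+/=]{16,})")

CANONICAL = {
    "exclusionpath": "ExclusionPath",
    "exclusionextension": "ExclusionExtension",
    "exclusionprocess": "ExclusionProcess",
    "exclusionipaddress": "ExclusionIpAddress",
}


def canonical_param(abbrev):
    """Expand an abbreviated -Exclusion* parameter to its full name.

    Returns the raw token unchanged when the prefix is ambiguous
    (e.g. -ExclusionP could be Path or Process), which PowerShell itself
    would reject but which is still worth reporting as-is.
    """
    low = abbrev.lower()
    matches = [full for key, full in CANONICAL.items() if key.startswith(low)]
    return matches[0] if len(matches) == 1 else abbrev


def decode_encoded_command(text):
    """Return the decoded -EncodedCommand payload (base64 of UTF-16LE) or None."""
    m = ENCODED_RE.search(text)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16le")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return None


def find_defender_exclusion_tampering(events):
    """Return one finding per event that adds or sets a Defender exclusion.

    Each finding records the event index, the cmdlet as written, the
    canonical parameter names touched, and whether the command had to be
    recovered from -EncodedCommand first.
    """
    findings = []
    for idx, text in enumerate(events):
        decoded = decode_encoded_command(text)
        candidate = decoded if decoded is not None else text
        for m in CMDLET_RE.finditer(candidate):
            # Only look at the rest of this command, not what follows a
            # pipe, semicolon or newline.
            tail = re.split(r"[|;\n]", candidate[m.end():], maxsplit=1)[0]
            params = [canonical_param(p) for p in EXCL_PARAM_RE.findall(tail)]
            if params:
                findings.append({
                    "event": idx,
                    "cmdlet": m.group(0),
                    "params": params,
                    "decoded": decoded is not None,
                })
                break
    return findings


if __name__ == "__main__":
    for f in find_defender_exclusion_tampering(SAMPLE_EVENTS):
        print(f)
```

Pair this with an audit of the live state on the host (Get-MpPreference exposes ExclusionPath, ExclusionExtension and ExclusionProcess), since a dropper that runs before logging is enabled leaves only the exclusion itself behind.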
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
SetThreadContext lets one process rewrite another thread's registers; outside debuggers it is characteristic of process hollowing (RunPE), where a suspended child process has its image replaced and its entry point redirected, a loader technique commonly seen with AgentTesla payloads.
-