General
-
Target
53a5e299f9e221537cc2d8d12f5104e6c7c35c6816c5648e2f1807198bbdd37d
-
Size
166KB
-
Sample
240612-b2jhpsxhnm
-
MD5
ed1f4802fc687f24827dc818def3862c
-
SHA1
e4a066d81dd582f7dee2d523feac1612f1809649
-
SHA256
53a5e299f9e221537cc2d8d12f5104e6c7c35c6816c5648e2f1807198bbdd37d
-
SHA512
4720a25d5bb6de9b8cc8cf2ef2b11fb52e3ad9fabd25ebcec92ce055671dcbb0dd2882c95580449e6c4374a3d927a1d7c949d75db76772d02ce5465aad97a40d
-
SSDEEP
768:bQ0KFwpdwTXm/Rer+pg4pXDOTixnaLB0Kt4r:bQBGwTXmMrIDpXDO0nO0Kt4r
Static task
static1
Behavioral task
behavioral1
Sample
53a5e299f9e221537cc2d8d12f5104e6c7c35c6816c5648e2f1807198bbdd37d.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
53a5e299f9e221537cc2d8d12f5104e6c7c35c6816c5648e2f1807198bbdd37d.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
162.254.34.31 - Port:
587 - Username:
[email protected] - Password:
ABwuRZS5Mjh5 - Email To:
[email protected]
Targets
-
-
Target
53a5e299f9e221537cc2d8d12f5104e6c7c35c6816c5648e2f1807198bbdd37d
-
Size
166KB
-
MD5
ed1f4802fc687f24827dc818def3862c
-
SHA1
e4a066d81dd582f7dee2d523feac1612f1809649
-
SHA256
53a5e299f9e221537cc2d8d12f5104e6c7c35c6816c5648e2f1807198bbdd37d
-
SHA512
4720a25d5bb6de9b8cc8cf2ef2b11fb52e3ad9fabd25ebcec92ce055671dcbb0dd2882c95580449e6c4374a3d927a1d7c949d75db76772d02ce5465aad97a40d
-
SSDEEP
768:bQ0KFwpdwTXm/Rer+pg4pXDOTixnaLB0Kt4r:bQBGwTXmMrIDpXDO0nO0Kt4r
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-