General
-
Target
344708b93ece74c0fe93ed34191ee43aebccde3d6ef7f2c8c62e67018acddc97
-
Size
766KB
-
Sample
240612-b61yjsybjl
-
MD5
e88263dfdc0928a1fd261c3893cf9a2d
-
SHA1
cfdbf47435e6e49e31d0cbdd086db81f7aa34e80
-
SHA256
344708b93ece74c0fe93ed34191ee43aebccde3d6ef7f2c8c62e67018acddc97
-
SHA512
41c16ed89c27548f008a207e15fef2c72212c646b9ce56e41083d7cfb9aac3f9e7c3d04dfba1ccec1c9c58a4da80e3666e7a432d40b21413c555987220916040
-
SSDEEP
12288:U4NID3HH3DI+eWFy4q5dAiawpaFwKTFcwXqauSL09G/MxwbaO9jsqf9Xe:XNIjH3DIP0y4q6wpa2sFWauCMi3Nf9e
Static task
static1
Behavioral task
behavioral1
Sample
344708b93ece74c0fe93ed34191ee43aebccde3d6ef7f2c8c62e67018acddc97.exe
Resource
win7-20240419-en
Malware Config
Extracted
agenttesla
- Protocol: smtp
- Host: nffplp.com
- Port: 587
- Username: [email protected]
- Password: $Nke%8XIIDtm
- Email To: [email protected]
Targets
-
Target
344708b93ece74c0fe93ed34191ee43aebccde3d6ef7f2c8c62e67018acddc97
-
Size
766KB
-
MD5
e88263dfdc0928a1fd261c3893cf9a2d
-
SHA1
cfdbf47435e6e49e31d0cbdd086db81f7aa34e80
-
SHA256
344708b93ece74c0fe93ed34191ee43aebccde3d6ef7f2c8c62e67018acddc97
-
SHA512
41c16ed89c27548f008a207e15fef2c72212c646b9ce56e41083d7cfb9aac3f9e7c3d04dfba1ccec1c9c58a4da80e3666e7a432d40b21413c555987220916040
-
SSDEEP
12288:U4NID3HH3DI+eWFy4q5dAiawpaFwKTFcwXqauSL09G/MxwbaO9jsqf9Xe:XNIjH3DIP0y4q6wpa2sFWauCMi3Nf9e
-
AgentTesla
Agent Tesla is a remote access tool (RAT) and information stealer written in Visual Basic .NET.
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP address.
-
Suspicious use of SetThreadContext
Sets the execution context of a thread in another process, an API call typically used to redirect execution into injected code (process hollowing).
-
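Three of the behaviours listed above are visible on the host without unpacking the sample: the Defender exclusions added from PowerShell, the external IP lookup, and the SMTP channel named in the extracted config. The Python below turns them into triage rules and runs them over Sysmon-style events. It is an added example, not part of the sandbox report or of the sample: the events are constructed, the IP-lookup domain list is an assumed short allowlist of well-known services, and the mail-client names and file paths are assumptions. Only the SMTP host (nffplp.com), port 587 and the sample filename come from the report.

```python
"""Host triage rules for the AgentTesla behaviours in this report.

Added example, not the sandbox's or the sample's code. Events are constructed
to look like Sysmon Event IDs 1 (process create), 22 (DNS query) and 3
(network connect); field names follow Sysmon's schema.
"""
import base64
import re

# SMTP host and port taken from the extracted config in the report.
C2_HOSTS = {"nffplp.com"}
SMTP_PORTS = {25, 465, 587}

# Assumed allowlist of public IP-lookup services commonly contacted by stealers.
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "checkip.dyndns.org", "icanhazip.com", "ipinfo.io",
    "ip-api.com", "checkip.amazonaws.com", "whatismyipaddress.com",
}

POWERSHELL_IMAGES = ("powershell.exe", "pwsh.exe")
MAIL_CLIENTS = ("outlook.exe", "thunderbird.exe")  # assumed benign SMTP senders

# -EncodedCommand and the short forms PowerShell accepts, followed by base64.
ENCODED_ARG = re.compile(
    r"(?<![\w-])-(?:encodedcommand|enc|ec|e)\s+([A-Za-z0-9+/=]{8,})", re.I)
# Add-/Set-MpPreference with any of the exclusion parameters.
DEFENDER_EXCLUSION = re.compile(
    r"\b(?:Add|Set)-MpPreference\b.*?-Exclusion(?:Path|Process|Extension|IpAddress)\b",
    re.I | re.S)


def expand_command(cmdline):
    """Return the command line with any -EncodedCommand payload decoded and appended.
    PowerShell encodes the payload as base64 over UTF-16LE text."""
    parts = [cmdline]
    for m in ENCODED_ARG.finditer(cmdline):
        try:
            raw = base64.b64decode(m.group(1), validate=True)
            parts.append(raw.decode("utf-16le", "replace"))
        except ValueError:  # binascii.Error is a ValueError: not valid base64
            continue
    return "\n".join(parts)


def rule_defender_exclusion(ev):
    if ev.get("EventID") != 1:
        return None
    if not ev.get("Image", "").lower().endswith(POWERSHELL_IMAGES):
        return None
    if DEFENDER_EXCLUSION.search(expand_command(ev.get("CommandLine", ""))):
        return "defender_exclusion_via_powershell"
    return None


def rule_ip_lookup(ev):
    host = (ev.get("QueryName") or ev.get("DestinationHostname") or "").lower()
    if ev.get("EventID") in (3, 22) and host in IP_LOOKUP_HOSTS:
        return "external_ip_lookup"
    return None


def rule_smtp_exfil(ev):
    if ev.get("EventID") != 3:
        return None
    host = ev.get("DestinationHostname", "").lower()
    if host in C2_HOSTS:
        return "smtp_to_known_agenttesla_host"
    image = ev.get("Image", "").lower()
    if ev.get("DestinationPort") in SMTP_PORTS and not image.endswith(MAIL_CLIENTS):
        return "smtp_from_non_mail_client"
    return None


RULES = (rule_defender_exclusion, rule_ip_lookup, rule_smtp_exfil)


def triage(events):
    """Return [(event index, rule name)] for every event that matches a rule."""
    hits = []
    for i, ev in enumerate(events):
        for rule in RULES:
            name = rule(ev)
            if name:
                hits.append((i, name))
    return hits


# Constructed events; paths and the benign entries are assumptions.
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE = r"C:\Users\Public\344708b93ece74c0fe93ed34191ee43aebccde3d6ef7f2c8c62e67018acddc97.exe"
ENCODED = base64.b64encode(
    "Add-MpPreference -ExclusionProcess powershell.exe".encode("utf-16le")).decode("ascii")
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": PS,
     "CommandLine": 'powershell -ExecutionPolicy Bypass -Command "Add-MpPreference -ExclusionPath C:\\Users\\Public"'},
    {"EventID": 1, "Image": PS, "CommandLine": "powershell -enc " + ENCODED},
    {"EventID": 22, "Image": SAMPLE, "QueryName": "api.ipify.org"},
    {"EventID": 3, "Image": SAMPLE, "DestinationHostname": "nffplp.com", "DestinationPort": 587},
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd /c dir"},
    {"EventID": 3, "Image": r"C:\Program Files\Microsoft Office\root\Office16\outlook.exe",
     "DestinationHostname": "smtp.office365.com", "DestinationPort": 587},
    {"EventID": 3, "Image": SAMPLE, "DestinationIp": "203.0.113.10", "DestinationPort": 465},
]

if __name__ == "__main__":
    for idx, name in triage(SAMPLE_EVENTS):
        print(f"event {idx}: {name}")
```

The encoded-command decoding matters because the exclusion cmdlet rarely appears in clear text on a real command line; the mail-client allowlist is what keeps the port-587 rule from firing on every Outlook session, while the exact host from the extracted config gives a high-confidence hit independent of the process that sends.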