General
Target: 280b463ac5311b367f5b3678a0305bcfcb7ff877814b0bbabb9839327b578c1f
Size: 783KB
Sample: 240612-b66tssyarf
MD5: 6662c13587dc2c81d93e5c2d53683050
SHA1: d1dbb9cd770cbf02de049c2820debd6a9d9fa48f
SHA256: 280b463ac5311b367f5b3678a0305bcfcb7ff877814b0bbabb9839327b578c1f
SHA512: afcdbb8ce3ec4fd9a72d5a29875eca0fac577395349157ce277738a68fc3b4aefa71d5286d97a7522ac5afe2341a61d1272f5dafc4665ddb718dc398d8a7267b
SSDEEP: 24576:Ae0jH3DI5Gw0c36v+i0O+KHqWeDc5XyCBs2A2:cPgGcf9XK5vXh02
Static task: static1
Behavioral task: behavioral1
Sample: 280b463ac5311b367f5b3678a0305bcfcb7ff877814b0bbabb9839327b578c1f.exe
Resource: win7-20240215-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: zqamcx.com
Port: 587
Username: [email protected]
Password: Methodman991
Email To: [email protected]
Targets
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
Checks computer location settings
Looks up the country code configured in the registry, likely as a geofence check.
Suspicious use of SetThreadContext