General
- Target: a53e67f5e39583be30acd7b97c5085aa76b45610fcb033285fd443e9fe828bda
- Size: 760KB
- Sample: 240612-b672vsyarg
- MD5: b57c934f9dd2298807c1adb1adf9c509
- SHA1: 4c0045e513dc6a81920b811fd127e5e80b40a43e
- SHA256: a53e67f5e39583be30acd7b97c5085aa76b45610fcb033285fd443e9fe828bda
- SHA512: a7f372ef84aefe98dedfe72a1da4ac261e0459a972ef3d6c8066ec364b8e43d90a17fab368997761222809b4cc835a3ebfbe688d72c3ee7e3932fc05a696c941
- SSDEEP: 12288:POfrI6dBnF5Hl9Gw0l+tYjfnf2KGknEH2nZF/SSE9baXje8tEX8JLd5XvHRM22d:mrIWBn3Gw0otyfXGknYESSE9baXjeRcY
Static task: static1
Behavioral task: behavioral1
- Sample: SOF-41593-21052024112851.exe
- Resource: win7-20240221-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: zqamcx.com
- Port: 587
- Username: [email protected]
- Password: Methodman991
- Email To: [email protected]
Targets
- Target: SOF-41593-21052024112851.exe
- Size: 783KB
- MD5: 6662c13587dc2c81d93e5c2d53683050
- SHA1: d1dbb9cd770cbf02de049c2820debd6a9d9fa48f
- SHA256: 280b463ac5311b367f5b3678a0305bcfcb7ff877814b0bbabb9839327b578c1f
- SHA512: afcdbb8ce3ec4fd9a72d5a29875eca0fac577395349157ce277738a68fc3b4aefa71d5286d97a7522ac5afe2341a61d1272f5dafc4665ddb718dc398d8a7267b
- SSDEEP: 24576:Ae0jH3DI5Gw0c36v+i0O+KHqWeDc5XyCBs2A2:cPgGcf9XK5vXh02
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Suspicious use of SetThreadContext