General
-
Target
cc723f0ac65ba121a16e61e57382c6d9f0158200933e629ae325264158be5d94
-
Size
764KB
-
Sample
240612-b7lj9aybjc
-
MD5
3150f17a9cf82eb6249b6b64c10acc77
-
SHA1
762e22cefa3175abee317d12038fdcd7447e0bec
-
SHA256
cc723f0ac65ba121a16e61e57382c6d9f0158200933e629ae325264158be5d94
-
SHA512
fa8b59df979367d8c07d2b0ef3940d76e26172c83f7cd22834f3621c29b35a9dda74ebf4f72fd2a463993dfa53098c1b7f3872f81bd36e36f1569abb9777b0f2
-
SSDEEP
12288:/K2jD3HH3DI+ibrHGHr2zQXtGwI6P/q5M+S08uqVfXib23LZ/8EzY+Vv1B3ajFpU:i2jjH3DIpHs20dGwIueM+d8uQib23LZV
Static task
static1
Behavioral task
behavioral1
Sample
cc723f0ac65ba121a16e61e57382c6d9f0158200933e629ae325264158be5d94.exe
Resource
win7-20240611-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.magna.com.pk
Port: 587
Username: [email protected]
Password: Yil}b95u0Q2x
Email To: [email protected]
Targets
-
Target
cc723f0ac65ba121a16e61e57382c6d9f0158200933e629ae325264158be5d94
-
Size
764KB
-
MD5
3150f17a9cf82eb6249b6b64c10acc77
-
SHA1
762e22cefa3175abee317d12038fdcd7447e0bec
-
SHA256
cc723f0ac65ba121a16e61e57382c6d9f0158200933e629ae325264158be5d94
-
SHA512
fa8b59df979367d8c07d2b0ef3940d76e26172c83f7cd22834f3621c29b35a9dda74ebf4f72fd2a463993dfa53098c1b7f3872f81bd36e36f1569abb9777b0f2
-
SSDEEP
12288:/K2jD3HH3DI+ibrHGHr2zQXtGwI6P/q5M+S08uqVfXib23LZ/8EzY+Vv1B3ajFpU:i2jjH3DIpHs20dGwIueM+d8uQib23LZV
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext