General
-
Target
dc4c3978d7e8bedb1a7ef1f1db5b075cbbdb71f5da01d4c4976b6d605fb14b30
-
Size
766KB
-
Sample
240612-b9kezaybmg
-
MD5
3e90435e372fbf40c3c6db31770c82bb
-
SHA1
9d2fc2cd74ac09c8ee08471f3a8f2cdd22ee1893
-
SHA256
dc4c3978d7e8bedb1a7ef1f1db5b075cbbdb71f5da01d4c4976b6d605fb14b30
-
SHA512
3f1c956cce80429b66fa211057a699422ba6fcf18d3aad0d071d1b1ee4c58ced0f9680e4a813a85481da464522f73fbabacdbe800084fc955013c98cf3f2eeef
-
SSDEEP
12288:tAmaoGGYoJ/BHPWX44QzKLG5e/WJL95nGfUbSYjxMZrqqYACR5leZlNM6kR:tAjbGHp1KLiNJL919bSY243A+eruZ
Static task
static1
Behavioral task
behavioral1
Sample
dc4c3978d7e8bedb1a7ef1f1db5b075cbbdb71f5da01d4c4976b6d605fb14b30.exe
Resource
win7-20240215-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.jvpgclub.com
Port: 587
Username: [email protected]
Password: Suman$2024
Email To: [email protected]
Targets
-
-
Target
dc4c3978d7e8bedb1a7ef1f1db5b075cbbdb71f5da01d4c4976b6d605fb14b30
-
Size
766KB
-
MD5
3e90435e372fbf40c3c6db31770c82bb
-
SHA1
9d2fc2cd74ac09c8ee08471f3a8f2cdd22ee1893
-
SHA256
dc4c3978d7e8bedb1a7ef1f1db5b075cbbdb71f5da01d4c4976b6d605fb14b30
-
SHA512
3f1c956cce80429b66fa211057a699422ba6fcf18d3aad0d071d1b1ee4c58ced0f9680e4a813a85481da464522f73fbabacdbe800084fc955013c98cf3f2eeef
-
SSDEEP
12288:tAmaoGGYoJ/BHPWX44QzKLG5e/WJL95nGfUbSYjxMZrqqYACR5leZlNM6kR:tAjbGHp1KLiNJL919bSY243A+eruZ
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up the country code configured in the registry, likely as a geofence.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-