General
-
Target
c6082b6a09f1ad147a09cc579f562e66822d424cc0293b846c653d1a4787984b
-
Size
876KB
-
Sample
240612-b9tcwaybnp
-
MD5
3dcbd6e5cb8c4d41fd60008732172eaf
-
SHA1
c6f07d35fe09aaf673f85fb4bc49feea6d5afb91
-
SHA256
c6082b6a09f1ad147a09cc579f562e66822d424cc0293b846c653d1a4787984b
-
SHA512
952dff387f43d97974e1bce4b58c2bcadb96e2d82469cb3bf567926070a02f609a950b0718efa45cdc4c543ad5a07b0eae8d8698cdf4033dff29ad6c7ee6adeb
-
SSDEEP
24576:Xg61jjk0LAta9A2kDI59U3P6EnHtD5VyHlRw8wS0Y5:2dP68jyHlRwEd
Static task
static1
Behavioral task
behavioral1
Sample
c6082b6a09f1ad147a09cc579f562e66822d424cc0293b846c653d1a4787984b.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
c6082b6a09f1ad147a09cc579f562e66822d424cc0293b846c653d1a4787984b.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.shaktiinstrumentations.in - Port:
587 - Username:
[email protected] - Password:
Shakti54231!@#$%#@! - Email To:
[email protected]
Targets
-
-
Target
c6082b6a09f1ad147a09cc579f562e66822d424cc0293b846c653d1a4787984b
-
Size
876KB
-
MD5
3dcbd6e5cb8c4d41fd60008732172eaf
-
SHA1
c6f07d35fe09aaf673f85fb4bc49feea6d5afb91
-
SHA256
c6082b6a09f1ad147a09cc579f562e66822d424cc0293b846c653d1a4787984b
-
SHA512
952dff387f43d97974e1bce4b58c2bcadb96e2d82469cb3bf567926070a02f609a950b0718efa45cdc4c543ad5a07b0eae8d8698cdf4033dff29ad6c7ee6adeb
-
SSDEEP
24576:Xg61jjk0LAta9A2kDI59U3P6EnHtD5VyHlRw8wS0Y5:2dP68jyHlRwEd
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-