General
-
Target
30fcde0b99660d8da19dcf36b406719fafd580d0ae16deb277ebc2c4ca481240
-
Size
653KB
-
Sample
240612-bqzqjsxenr
-
MD5
10cc5c9f53f49cb4719a7e2cac18df5e
-
SHA1
13106c01341c0cf03cbe80cdb7bc5e1d3555f4ec
-
SHA256
30fcde0b99660d8da19dcf36b406719fafd580d0ae16deb277ebc2c4ca481240
-
SHA512
a0bdd3d98de2c5f84a4647b49ccd8fefbabf7ad49cb4d08a120ae2dce04adfcd0e106bfefad2cf53dc823fa39060551dde0d998dd592ba0d230d1d395f2ee211
-
SSDEEP
12288:UVi8LkpEaUTbfE5yDQhSEDRqTgTBeM0AgyQc0vqRFeiq7EBiRx6dTLP:UwjE0yEplqkYM08QcziIERclL
Static task
static1
Behavioral task
behavioral1
Sample
30fcde0b99660d8da19dcf36b406719fafd580d0ae16deb277ebc2c4ca481240.exe
Resource
win7-20240508-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.starmech.in
Port: 587
Username: [email protected]
Password: gaging@2022
Email To: [email protected]
Extracted
Protocol: smtp
Host: mail.starmech.in
Port: 587
Username: [email protected]
Password: gaging@2022
Targets
-
Target
30fcde0b99660d8da19dcf36b406719fafd580d0ae16deb277ebc2c4ca481240
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to determine the infected system's external IP address.
-
Suspicious use of SetThreadContext
-