General
-
Target
4d766d364c6fdef617274773b6f33745a8c38cd897063a3b5deea9e3e69c3e6b
-
Size
658KB
-
Sample
240612-bra4ksxenb
-
MD5
6ca2474cfdc9e2c43526ad14cd72035e
-
SHA1
ec575cfc292afda741f192238ba5999fc325fc80
-
SHA256
4d766d364c6fdef617274773b6f33745a8c38cd897063a3b5deea9e3e69c3e6b
-
SHA512
a540da1614c5ebb8e2aae2824f89cd2e90959d438870a4234f4ea951638aae7e1f1ae2f7042fa450a3011f294cf5b45432391065e8c5264c5ba656df0b282d21
-
SSDEEP
12288:1i8LkpEaeHZb0hcYDupdLrclb815z+2hqonDa/tgZ11ta2rBK1cIsVl:QjErH10hcYkrcl815z+TgZFa2J
Static task
static1
Behavioral task
behavioral1
Sample
4d766d364c6fdef617274773b6f33745a8c38cd897063a3b5deea9e3e69c3e6b.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
4d766d364c6fdef617274773b6f33745a8c38cd897063a3b5deea9e3e69c3e6b.exe
Resource
win10v2004-20240611-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.springandsummer.lk - Port:
587 - Username:
[email protected] - Password:
anu##323 - Email To:
[email protected]
Targets
-
-
Target
4d766d364c6fdef617274773b6f33745a8c38cd897063a3b5deea9e3e69c3e6b
-
Size
658KB
-
MD5
6ca2474cfdc9e2c43526ad14cd72035e
-
SHA1
ec575cfc292afda741f192238ba5999fc325fc80
-
SHA256
4d766d364c6fdef617274773b6f33745a8c38cd897063a3b5deea9e3e69c3e6b
-
SHA512
a540da1614c5ebb8e2aae2824f89cd2e90959d438870a4234f4ea951638aae7e1f1ae2f7042fa450a3011f294cf5b45432391065e8c5264c5ba656df0b282d21
-
SSDEEP
12288:1i8LkpEaeHZb0hcYDupdLrclb815z+2hqonDa/tgZ11ta2rBK1cIsVl:QjErH10hcYkrcl815z+TgZFa2J
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-