General

Target: ff88046e7a20294b52aeba5ede8dcf3a00806135635c24ef4af8d496e455a7c3
Size: 1.6MB
Sample: 240612-bwk5caxfqk
MD5: cfccda29d5a911a41b9a43da36f26fb8
SHA1: 9b2f0fb6c1a3bec3a5a78cf5232aca66a068dcdc
SHA256: ff88046e7a20294b52aeba5ede8dcf3a00806135635c24ef4af8d496e455a7c3
SHA512: 8e6018fb3fc1d61905eec17a476b231a29d006b8946db02a18ed1241c5a822f9b64ecef6452c799e1252bdc866e91aeb5c9bfd4411980f9fad2b8e7c430bd085
SSDEEP: 12288:tQtB/yt7l6/CNYLQ9S5StSkjes4WCtdSgXv7fGTK32x:qtBER0CNHIujPFk3gKmx
Static task: static1
Behavioral task: behavioral1
Sample: ff88046e7a20294b52aeba5ede8dcf3a00806135635c24ef4af8d496e455a7c3.exe
Resource: win7-20231129-en
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: smtp.ionos.com
Port: 587
Username: [email protected]
Password: T2@Gwt567
Email To: [email protected]
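The extracted configuration is the most actionable part of this report: the sample does not use a custom C2 protocol, it submits stolen data over authenticated SMTP to a public provider, so the network signal is "an unexpected process reaching the exfil host, or any mail submission port". The following is an added example, not code from the sandbox or from the report: it turns the host and port above into hunt indicators and runs them over constructed records shaped like Sysmon Event ID 3 network-connection events. The event records, the mail-client allowlist and the process names are assumptions made for illustration; only the host and port come from the page.

```python
# Added example (not part of the sandbox report): derive hunt indicators from the
# extracted AgentTesla SMTP configuration and apply them to network telemetry.

# Values from the extracted configuration above.
AGENTTESLA_SMTP_CONFIG = {
    "protocol": "smtp",
    "host": "smtp.ionos.com",
    "port": 587,
}

# Assumed: processes that legitimately speak SMTP submission in this environment.
# Anything else reaching the exfil host, or any submission port, is suspect.
MAIL_CLIENT_IMAGES = {"outlook.exe", "thunderbird.exe"}
SMTP_SUBMISSION_PORTS = {25, 465, 587}

# Constructed records in the shape of Sysmon Event ID 3; not from the report.
SAMPLE_NETWORK_EVENTS = [
    {"Image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "DestinationHostname": "smtp.ionos.com", "DestinationPort": 587},
    {"Image": r"C:\Users\victim\AppData\Roaming\svchost.exe",
     "DestinationHostname": "smtp.ionos.com", "DestinationPort": 587},
    {"Image": r"C:\Users\victim\AppData\Local\Temp\report.exe",
     "DestinationHostname": "mail.example.net", "DestinationPort": 465},
    {"Image": r"C:\Windows\System32\svchost.exe",
     "DestinationHostname": "update.example.com", "DestinationPort": 443},
]


def iocs_from_config(cfg):
    """Indicators worth pivoting on. The mailbox credentials are deliberately not
    emitted: they are the attacker's, not the victim's, and belong in an abuse
    report to the provider rather than in a blocklist."""
    return [
        ("domain", cfg["host"]),
        ("dst-port", str(cfg["port"])),
        ("dst-pair", f"{cfg['host']}:{cfg['port']}"),
    ]


def hunt_smtp_exfil(events, cfg, mail_clients=MAIL_CLIENT_IMAGES):
    """Return (event, reason) pairs for connections that look like AgentTesla exfil:
    a process that is not an approved mail client either reaching the configured
    SMTP host:port exactly, or using any mail submission port at all."""
    hits = []
    for ev in events:
        image = ev["Image"].rsplit("\\", 1)[-1].lower()
        if image in mail_clients:
            continue
        host = ev["DestinationHostname"].lower()
        port = int(ev["DestinationPort"])
        if host == cfg["host"] and port == cfg["port"]:
            hits.append((ev, "exact match on extracted C2 host:port"))
        elif port in SMTP_SUBMISSION_PORTS:
            hits.append((ev, "non-mail-client process using SMTP submission port"))
    return hits


if __name__ == "__main__":
    for kind, value in iocs_from_config(AGENTTESLA_SMTP_CONFIG):
        print(f"{kind}: {value}")
    for ev, why in hunt_smtp_exfil(SAMPLE_NETWORK_EVENTS, AGENTTESLA_SMTP_CONFIG):
        print(f"{why}: {ev['Image']} -> {ev['DestinationHostname']}:{ev['DestinationPort']}")
```

Port 587 is the STARTTLS submission port, so the message body is encrypted on the wire; the process/destination pair, not payload inspection, is the signal. The broader submission-port rule catches the same family after the operator rotates to a different provider, at the cost of needing an accurate allowlist of mail clients.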
Targets

Target: ff88046e7a20294b52aeba5ede8dcf3a00806135635c24ef4af8d496e455a7c3 (1.6MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in .NET (Visual Basic).
- Command and Scripting Interpreter: PowerShell: Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Suspicious use of SetThreadContext: the API used to redirect a suspended thread to injected code, as in process hollowing.
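The Defender-exclusion behaviour in the signature list above leaves a clear trace when PowerShell script block logging (Event ID 4104) is enabled: the Add-MpPreference or Set-MpPreference call with its exclusion parameters appears verbatim in ScriptBlockText. The following is an added example, not code from the sandbox or the report: a detector that runs over constructed script-block text, resolves PowerShell's abbreviated parameter names (a common way to dodge naive string matches), and reports what was excluded. The sample script blocks and the paths and process names in them are constructed for illustration.

```python
# Added example (not part of the sandbox report): flag Windows Defender exclusion
# tampering in PowerShell script-block text (Event ID 4104 ScriptBlockText).
import re

# Constructed ScriptBlockText values; not from the report.
SAMPLE_SCRIPT_BLOCKS = [
    "Add-MpPreference -ExclusionPath 'C:\\Users\\Public\\Libraries\\update.exe'",
    'Add-MpPreference -ExclusionExtension .exe, .dll -ExclusionProcess "update.exe"',
    "Set-MpPreference -ExclusionPa C:\\Users\\Public -Force",   # abbreviated parameter
    "Get-MpPreference | Select-Object ExclusionPath",           # read-only, benign
    "Write-Host 'nothing to see'",
]

CMDLET_RE = re.compile(r"\b(Add|Set)-MpPreference\b", re.IGNORECASE)

# Any -Exclusion* parameter, including PowerShell's accepted prefix abbreviations
# (e.g. -ExclusionPa). The value runs up to the next parameter or end of text.
PARAM_RE = re.compile(
    r"-(Exclusion\w*)\s+([^-\s][^\n]*?)(?=\s+-[A-Za-z]|\s*$)", re.IGNORECASE)

# The exclusion parameters Add-/Set-MpPreference actually accept.
CANONICAL = ("ExclusionPath", "ExclusionExtension", "ExclusionProcess", "ExclusionIpAddress")


def resolve_parameter(abbrev):
    """Expand a possibly abbreviated parameter name the way PowerShell binding does:
    a unique prefix resolves to the full name; ambiguous or unknown stays as written."""
    matches = [c for c in CANONICAL if c.lower().startswith(abbrev.lower())]
    return matches[0] if len(matches) == 1 else abbrev


def split_values(raw):
    """Comma-separated list, each item optionally quoted."""
    return [v.strip().strip("'\"") for v in raw.split(",") if v.strip()]


def find_defender_exclusion_tampering(script_blocks):
    """Return one finding per exclusion parameter in an Add-/Set-MpPreference call."""
    findings = []
    for text in script_blocks:
        cmdlet = CMDLET_RE.search(text)
        if not cmdlet:
            continue  # Get-MpPreference and unrelated blocks are not tampering
        for m in PARAM_RE.finditer(text):
            findings.append({
                "cmdlet": cmdlet.group(0),
                "parameter": resolve_parameter(m.group(1)),
                "values": split_values(m.group(2)),
            })
    return findings


if __name__ == "__main__":
    for f in find_defender_exclusion_tampering(SAMPLE_SCRIPT_BLOCKS):
        print(f"{f['cmdlet']} {f['parameter']}: {', '.join(f['values'])}")
```

The values are reported as well as the call itself because an excluded path or process name is usually the dropper's own install location, which is the next thing to collect during response. Matching on the cmdlet rather than on the literal string "-ExclusionPath" is what makes the abbreviated form on the third sample line visible.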