General
-
Target
2ca6ab9b5571aef408c1f47e4a3802834283b97fd2a75c0e6f675d92fe2b322f
-
Size
751KB
-
Sample
240612-ccb8rsyckl
-
MD5
e6b7493437b908e9d81f7aa0c477fa60
-
SHA1
3cf0249d2239a9b73146e505d3a09d350f43ff3d
-
SHA256
2ca6ab9b5571aef408c1f47e4a3802834283b97fd2a75c0e6f675d92fe2b322f
-
SHA512
148696e8bd3da3f7ed504e8ea4c4bef6dade456863451c553eafae0231ee978bc621730c0770f4e3cd25a3716e36938c80a31fa8d5a12eb318ab20f8e062f44d
-
SSDEEP
12288:8qxcZsfQrHrrQWoqbINii6MvPNaQSzBfBAl0YBMpACR5leZlNm:iZUQjALqbIsi6MHlSF5e0YKpA+erY
Static task
static1
Behavioral task
behavioral1
Sample
2ca6ab9b5571aef408c1f47e4a3802834283b97fd2a75c0e6f675d92fe2b322f.exe
Resource
win7-20240508-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.albushrametalic.com - Port:
587 - Username:
[email protected] - Password:
GLBL1285# - Email To:
[email protected]
Targets
-
-
Target
2ca6ab9b5571aef408c1f47e4a3802834283b97fd2a75c0e6f675d92fe2b322f
-
Size
751KB
-
MD5
e6b7493437b908e9d81f7aa0c477fa60
-
SHA1
3cf0249d2239a9b73146e505d3a09d350f43ff3d
-
SHA256
2ca6ab9b5571aef408c1f47e4a3802834283b97fd2a75c0e6f675d92fe2b322f
-
SHA512
148696e8bd3da3f7ed504e8ea4c4bef6dade456863451c553eafae0231ee978bc621730c0770f4e3cd25a3716e36938c80a31fa8d5a12eb318ab20f8e062f44d
-
SSDEEP
12288:8qxcZsfQrHrrQWoqbINii6MvPNaQSzBfBAl0YBMpACR5leZlNm:iZUQjALqbIsi6MHlSF5e0YKpA+erY
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-