General
Target: 9d0d641072e19a15513008b8e7fc98d9b866be80e3a2ae2a5ab622b498a1e4c9
Size: 752KB
Sample: 240612-cmagxsydqg
MD5: 47dc4f629841e718c7ea7a4b8918833d
SHA1: ab05ea754d14c6cf388db5d0d43fbed34173e4e4
SHA256: 9d0d641072e19a15513008b8e7fc98d9b866be80e3a2ae2a5ab622b498a1e4c9
SHA512: a66e940e99316b1b5ddc09aa815d6ae7830c1fbae417072597b8edf4f9364e79d26e80229b4f55c54cba4f87d7c36cf962b31fbb8793441c369a3d0e302fe29f
SSDEEP: 12288:JZS5+GcGUskvFq7aYD7AAFV3CTLcLmAB/4mF60r2rACR5leZlNa:JZSjcGh8qOCEg3CsyABAU606A+erk

Static task: static1
Behavioral task: behavioral1
Sample: 9d0d641072e19a15513008b8e7fc98d9b866be80e3a2ae2a5ab622b498a1e4c9.exe
Resource: win7-20231129-en

Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.magna.com.pk
Port: 587
Username: [email protected]
Password: Yil}b95u0Q2x
Email To: [email protected]
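The config above says this sample exfiltrates over SMTP submission (port 587) to mail.magna.com.pk. The following detection is an added example, not part of the sandbox report or the malware: it scans network-connection telemetry for (a) the exact C2 host and port from the config and (b) the more durable signal, SMTP from a process that is not a mail client. The only facts taken from the report are the host and port; the Sysmon Event ID 3 records, process names, IPs and timestamps are constructed, and the allow-list of mail clients is an assumption to tune per estate.

```python
"""Flag SMTP traffic consistent with the AgentTesla config extracted above.

Added example, not part of the sandbox report. Facts from the report: the C2
mail host (mail.magna.com.pk) and port (587). Everything else (process
images, IPs, timestamps) is constructed to resemble Sysmon Event ID 3
(network connection) records flattened to "key: value | key: value".
"""

# Indicators from the report's extracted config.
C2_SMTP_HOST = "mail.magna.com.pk"
C2_SMTP_PORT = 587

# Ports used for mail submission and transport.
SMTP_PORTS = {25, 465, 587}

# Processes expected to speak SMTP on a workstation.
# Assumption: an allow-list you would tune for your own environment.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}

# Constructed Sysmon EID 3 records (not real telemetry).
SAMPLE_EVENTS = [
    "UtcTime: 2024-06-12 10:01:07 | Image: C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE"
    " | DestinationIp: 192.0.2.10 | DestinationHostname: outlook.office365.com | DestinationPort: 443",
    "UtcTime: 2024-06-12 10:02:19 | Image: C:\\Users\\user\\AppData\\Roaming\\9d0d6410.exe"
    " | DestinationIp: 203.0.113.7 | DestinationHostname: mail.magna.com.pk | DestinationPort: 587",
    "UtcTime: 2024-06-12 10:02:40 | Image: C:\\Users\\user\\AppData\\Local\\Temp\\update.exe"
    " | DestinationIp: 198.51.100.9 | DestinationHostname: - | DestinationPort: 587",
    "UtcTime: 2024-06-12 10:03:01 | Image: C:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"
    " | DestinationIp: 192.0.2.25 | DestinationHostname: smtp.example.net | DestinationPort: 587",
]


def parse_event(line):
    """Split a flattened 'key: value | key: value' record into a dict."""
    fields = {}
    for part in line.split(" | "):
        key, _, value = part.partition(": ")
        fields[key.strip()] = value.strip()
    return fields


def classify(event):
    """Return the reasons a connection looks like SMTP exfiltration (empty = benign)."""
    reasons = []
    try:
        port = int(event.get("DestinationPort", "0"))
    except ValueError:
        port = 0
    image = event.get("Image", "").rsplit("\\", 1)[-1].lower()
    # DestinationHostname is Sysmon's reverse lookup and is often "-".
    host = event.get("DestinationHostname", "").lower()
    if host == C2_SMTP_HOST and port == C2_SMTP_PORT:
        reasons.append("destination matches extracted AgentTesla SMTP C2")
    if port in SMTP_PORTS and image not in MAIL_CLIENTS:
        reasons.append(f"SMTP from non-mail process {image}")
    return reasons


def find_exfil(lines):
    """Return (UtcTime, Image, reasons) for every suspicious record, in input order."""
    hits = []
    for line in lines:
        event = parse_event(line)
        reasons = classify(event)
        if reasons:
            hits.append((event.get("UtcTime", "?"), event.get("Image", "?"), reasons))
    return hits


if __name__ == "__main__":
    for when, image, reasons in find_exfil(SAMPLE_EVENTS):
        print(f"{when}  {image}\n    " + "\n    ".join(reasons))
```

The host match is the weakest part of the rule: every AgentTesla build carries its own SMTP account, so the hostname rotates with the sample. The process-based check (SMTP from anything that is not a mail client) survives rebuilds, and a reverse-DNS value of "-" should not suppress it.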
Targets
Target: 9d0d641072e19a15513008b8e7fc98d9b866be80e3a2ae2a5ab622b498a1e4c9 (the submitted file; size and hashes as listed under General)

AgentTesla
Agent Tesla is a .NET-based information stealer and remote access tool (RAT), originally written in Visual Basic .NET. This sample is configured to exfiltrate over SMTP (see the extracted config above).

Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths and processes. These are exposed by the Add-MpPreference and Set-MpPreference cmdlets as -ExclusionExtension, -ExclusionPath and -ExclusionProcess. The exclusions outlive the dropper, so audit them on a suspected host with Get-MpPreference rather than trusting a clean scan.

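A detection for the behaviour described in that signature, as an added example that is not part of the sandbox report or the malware: it scans process-creation command lines (the shape of Sysmon Event ID 1 or Windows 4688 records) for Add-/Set-MpPreference with an exclusion parameter, unwrapping -EncodedCommand so an encoded invocation is not missed. The events are constructed; the parameter-prefix handling relies on PowerShell binding unambiguous prefixes such as -ExclusionPr.

```python
"""Detect PowerShell that adds Windows Defender exclusions.

Added example, not part of the sandbox report or the malware. Every event
below is constructed; the cmdlet and parameter names are Windows Defender's
own (Add-MpPreference / Set-MpPreference).
"""
import base64
import re

# Both cmdlets accept the exclusion parameters.
MP_CMDLET = re.compile(r"\b(?:Add|Set)-MpPreference\b", re.IGNORECASE)

# PowerShell binds any unambiguous parameter prefix, so -ExclusionPa and
# -ExclusionPr are valid spellings of -ExclusionPath and -ExclusionProcess.
EXCLUSION_PARAM = re.compile(r"-Exclusion(?:Pa\w*|Ex\w*|Pr\w*|Ip\w*)", re.IGNORECASE)

# Common spellings of powershell.exe's -EncodedCommand switch, longest first.
ENCODED = re.compile(r"-(?:encodedcommand|enc|ec|e)\s+([A-Za-z0-9+/=]{8,})", re.IGNORECASE)


def adds_defender_exclusion(text):
    """True if `text` invokes Add-/Set-MpPreference with an exclusion parameter."""
    return bool(MP_CMDLET.search(text) and EXCLUSION_PARAM.search(text))


def layers(command_line):
    """Yield the command line, then the decoded payload of any -EncodedCommand."""
    yield command_line
    for match in ENCODED.finditer(command_line):
        try:
            raw = base64.b64decode(match.group(1), validate=True)
        except ValueError:
            continue
        # powershell.exe expects UTF-16LE inside the base64 blob.
        yield raw.decode("utf-16-le", errors="ignore")


def scan(events):
    """Return (ProcessId, matching text) for each event that adds an exclusion."""
    hits = []
    for event in events:
        for layer in layers(event["CommandLine"]):
            if adds_defender_exclusion(layer):
                hits.append((event["ProcessId"], layer))
                break
    return hits


# Constructed encoded payload, built the way an encoded-command dropper would.
_ENCODED_PAYLOAD = base64.b64encode(
    "Set-MpPreference -ExclusionPr 'update.exe'".encode("utf-16-le")).decode()

# Constructed process-creation events (not real telemetry).
SAMPLE_EVENTS = [
    {"ProcessId": 3180,  # benign: reads exclusions, adds none
     "CommandLine": 'powershell.exe -NoProfile -Command "Get-MpPreference | Select-Object ExclusionPath"'},
    {"ProcessId": 4212,  # plain-text exclusion for a path and an extension
     "CommandLine": "powershell.exe -WindowStyle Hidden -Command Add-MpPreference "
                    "-ExclusionPath 'C:\\Users\\user\\AppData\\Roaming' -ExclusionExtension '.exe'"},
    {"ProcessId": 5020,  # same intent hidden behind -enc and a parameter prefix
     "CommandLine": f"powershell.exe -nop -w hidden -enc {_ENCODED_PAYLOAD}"},
]

if __name__ == "__main__":
    for pid, text in scan(SAMPLE_EVENTS):
        print(f"PID {pid}: {text}")
```

Command-line matching is the cheap first pass; if Script Block Logging (Event ID 4104) is enabled, feed those blocks through the same `adds_defender_exclusion` check, since they are already decoded and also catch invocations built from string fragments at runtime.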
Checks computer location settings
Reads the country code configured in the registry (the user's location is stored as a GeoID under HKCU\Control Panel\International\Geo\Nation), most likely to geofence execution to or away from particular countries.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP address. The request itself is benign; the indicator is which process makes it.

Suspicious use of SetThreadContext
SetThreadContext rewrites a thread's register state, and ordinary applications rarely call it on another process. Malware uses it to point the primary thread of a suspended child process at injected code (process hollowing), which is why the sandbox flags the call.