General
-
Target
bfe596cd822f76ded21964902b0ebb13.bin
-
Size
656KB
-
Sample
240612-das9yazalb
-
MD5
c66939dc7c3b1e2541103807fbcb42d2
-
SHA1
5cb657b8166a025a6781ccb880be5c7c6b1c2d4f
-
SHA256
227a4db3ace3fbe8a7c0c0e063539a2bbe8197a5704a208d4b228448393c6f40
-
SHA512
73e6fbb9852bcb9771482a86f89a0862a56f9ee898ba039dcca9cd947a44b6c772dc6514d54bd25b66c150a898ff473a1d73829ac79c136c6f84e1aea3f28cfc
-
SSDEEP
12288:rKtRylp6lefxD1I6yC1ojr8Y4Q4+RiHLDF3zM7dyVLVfblmsXSYuWTHqON:rKtRy76lODTyUbY4r1PxzMs/fUsYgH/
Static task
static1
Behavioral task
behavioral1
Sample
5f14a244f730788efe3dc87a9b3d73955ca9e76862c822d6cd3707804a4308a3.exe
Resource
win7-20240221-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.kxnlaos.com - Port:
587 - Username:
[email protected] - Password:
eDe~fz;Cy0{W - Email To:
[email protected]
Targets
-
-
Target
5f14a244f730788efe3dc87a9b3d73955ca9e76862c822d6cd3707804a4308a3.exe
-
Size
685KB
-
MD5
bfe596cd822f76ded21964902b0ebb13
-
SHA1
fd4ad8656cdd121b3d1aeb5bb3b1bbaf6eecbeae
-
SHA256
5f14a244f730788efe3dc87a9b3d73955ca9e76862c822d6cd3707804a4308a3
-
SHA512
6ff01a14595f0a134ff39f94d0c5cdad5056d21c67d273ea5ee8a7c5bb3429b333ae7a723019a3c1e7ca417cd7f3758ecd4f171534aa741de015f304c0249299
-
SSDEEP
12288:lja4o46rdvC1UeWWDVIZqhop5we/rkIK4LtPRQtgEG8LI6ZhuitqtcYg2iNp:l+4o9rdvC1U42qhX0wIK4RPROgirZ4rG
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-