General
-
Target
AWB#5305323204643.scr.exe
-
Size
1.1MB
-
Sample
240617-qv8xcataka
-
MD5
87eb4ab4033081b7f43d983be380eaaf
-
SHA1
7417d9006b798ebdf722a5372b885de86fcc73ff
-
SHA256
845261d1133cf6d21dc2b756bff6282285739c4856582fc369ad4f688e128dce
-
SHA512
89e83526479df625c9e5e73108ec7c37c2573409de8c85c3a09e3b9984d8cb8a515b88d6fff89a2ccbf45a19da8f246a926d744e9797e5bf6e77e7dbb312a291
-
SSDEEP
24576:vCMd92C77NeTxXQo72s3cz1QGsbdnRHj:vld92eeTxAj9QtZn
Static task
static1
Behavioral task
behavioral1
Sample
AWB#5305323204643.scr.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
AWB#5305323204643.scr.exe
Resource
win10v2004-20240611-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.naveentour.com - Port:
587 - Username:
[email protected] - Password:
nav!T6u2@001 - Email To:
[email protected]
Targets
-
-
Target
AWB#5305323204643.scr.exe
-
Size
1.1MB
-
MD5
87eb4ab4033081b7f43d983be380eaaf
-
SHA1
7417d9006b798ebdf722a5372b885de86fcc73ff
-
SHA256
845261d1133cf6d21dc2b756bff6282285739c4856582fc369ad4f688e128dce
-
SHA512
89e83526479df625c9e5e73108ec7c37c2573409de8c85c3a09e3b9984d8cb8a515b88d6fff89a2ccbf45a19da8f246a926d744e9797e5bf6e77e7dbb312a291
-
SSDEEP
24576:vCMd92C77NeTxXQo72s3cz1QGsbdnRHj:vld92eeTxAj9QtZn
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-