General
Target: Scan-TNB-#2024393_SNB-4427394_13-06-2024.exe
Size: 1.1MB
Sample: 240618-qxyjdszenq
MD5: 1a838c9f467cdc7804418b288595338e
SHA1: 5e89201a28803287a67bf11a7045e711b83758a1
SHA256: 59b4c6293d3b0c1340df2e3e1ad4713f5d5e95e2585a58962936f69a641227a3
SHA512: 41fb2ba04b72e1931aa8adb5435b57019cfb00a5aaad3dd92d5a917fbd36c530d51de31f166ddf5ff1e7182e47609101a4dabeee96ad6d69996ee49499c46121
SSDEEP: 24576:RmgyC5o2GSO6hVceaqIUobQW3xlN3r7UBSEezCCnD/eEo2Ll:Rv3e2dhV9cUobL3LN7INCDdo2
Static task: static1
Behavioral task: behavioral1
Sample: Scan-TNB-#2024393_SNB-4427394_13-06-2024.exe
Resource: win7-20240221-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.coperwire.com
Port: 587
Username: [email protected]
Password: dU?QG2)^646T
Email To: [email protected]
Targets
Target: Scan-TNB-#2024393_SNB-4427394_13-06-2024.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
Checks computer location settings
Looks up the country code configured in the registry, likely as a geofence check.
Suspicious use of SetThreadContext