General

Target: 1b4cd0759ffb8314d799031e229d82bf5adf74ed60f0430c4df7fad3b49137f0.exe
Size: 98KB
Sample: 240618-svgh7stdpp
MD5: 9ea3d152c4e248841abf4f490a84b8c9
SHA1: 77d61f0c95c5f7cd4378ca528c4d13ce283af5c4
SHA256: 1b4cd0759ffb8314d799031e229d82bf5adf74ed60f0430c4df7fad3b49137f0
SHA512: 53f264afbc654519ef97efa33ea2c8fa2afcb30505e67f775f67aa4dffd3570861c532cfd8bc7465a93822122d08f761054b2dc75d52893cdde397e941d92fec
SSDEEP: 1536:+A4Lk8u2qHlllllllOdQlwEn+glllllllllllllllllll5xw5ll:RMtYwiVxw5ll
Static task: static1

Behavioral task: behavioral1
Sample: 1b4cd0759ffb8314d799031e229d82bf5adf74ed60f0430c4df7fad3b49137f0.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 1b4cd0759ffb8314d799031e229d82bf5adf74ed60f0430c4df7fad3b49137f0.exe
Resource: win10v2004-20240611-en
Malware Config

Extracted (agenttesla)
Protocol: smtp
Host: 162.254.34.31
Port: 587
Username: [email protected]
Password: 6RLYuUCIH8hN
Email To: [email protected]

Extracted
Protocol: smtp
Host: 162.254.34.31
Port: 587
Username: [email protected]
Password: 6RLYuUCIH8hN
Targets

Target: 1b4cd0759ffb8314d799031e229d82bf5adf74ed60f0430c4df7fad3b49137f0.exe
- AgentTesla: Agent Tesla is a .NET-based information stealer and remote access tool (RAT); the extracted configuration above shows this sample exfiltrating over SMTP to 162.254.34.31 on port 587 using the stolen-account credentials listed there.
- Checks computer location settings: looks up the country code configured in the registry, most likely as a geofence so the payload can refuse to run in particular regions.
- Adds Run key to start application: writes a Run registry key so the application is started again at logon (persistence).
- Looks up external IP address via web service: uses a legitimate IP lookup service to learn the infected system's external IP address, which is then reported to the operator.
- Suspicious use of SetThreadContext: this API is characteristic of process hollowing, where a process is created suspended, its memory is overwritten with injected code and SetThreadContext redirects the main thread to it before the process is resumed.
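The extracted SMTP configuration and the behaviour signatures above can be turned directly into detection logic. The following is an added example, not code from the sandbox or from the report: it runs a small rule set over a constructed API-call trace in the shape a sandbox hook log might produce. Only the SMTP host and port are taken from the extracted config; the record layout, the registry paths, the list of IP-lookup hosts and the process-hollowing call sequence are assumptions made for the example.

```python
"""Detection rules derived from the report's config and behaviour signatures.

Added example, not the sandbox's or the report's own code. Runs over a
constructed trace: a list of {"api": name, "args": {...}} records.
"""

# From the report's extracted configuration
C2_SMTP_HOST = "162.254.34.31"
C2_SMTP_PORT = 587

# Assumed reference data (not taken from the report)
RUN_KEY = r"software\microsoft\windows\currentversion\run"
GEO_KEY = r"control panel\international\geo"      # 'Nation' value holds the country code
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "ipinfo.io", "icanhazip.com"}
CREATE_SUSPENDED = 0x00000004
# Classic process-hollowing order, tracked per child pid
HOLLOWING_STEPS = ("CreateProcessW", "WriteProcessMemory", "SetThreadContext", "ResumeThread")


def detect(trace):
    """Return the sorted list of signature names fired by an API-call trace."""
    hits = set()
    progress = {}  # child pid -> index of the next hollowing step expected

    for rec in trace:
        api, args = rec["api"], rec.get("args", {})

        if api == "connect":
            if args.get("ip") == C2_SMTP_HOST and args.get("port") == C2_SMTP_PORT:
                hits.add("agenttesla_smtp_c2")      # exact IOC from the config
            elif args.get("port") in (25, 465, 587):
                hits.add("smtp_connection")         # weaker: any SMTP from the sample
        elif api in ("getaddrinfo", "InternetOpenUrlW"):
            if args.get("host", "").lower() in IP_LOOKUP_HOSTS:
                hits.add("external_ip_lookup")
        elif api == "RegSetValueExW" and RUN_KEY in args.get("key", "").lower():
            hits.add("run_key_persistence")
        elif api == "RegQueryValueExW" and GEO_KEY in args.get("key", "").lower():
            hits.add("geo_location_check")
        elif api == "SetThreadContext":
            hits.add("suspicious_setthreadcontext")

        # Stateful check: a child created suspended, written to, re-pointed with
        # SetThreadContext and then resumed is the hollowing sequence.
        if api == "CreateProcessW" and args.get("flags", 0) & CREATE_SUSPENDED:
            progress[args.get("child_pid")] = 1
        elif api in HOLLOWING_STEPS[1:]:
            child = args.get("target_pid")
            step = progress.get(child)
            if step is not None and step < len(HOLLOWING_STEPS) and HOLLOWING_STEPS[step] == api:
                progress[child] = step + 1
                if progress[child] == len(HOLLOWING_STEPS):
                    hits.add("process_hollowing_sequence")

    return sorted(hits)


# Constructed trace (not captured from the sample) that exercises every rule
SAMPLE_TRACE = [
    {"api": "RegQueryValueExW", "args": {"key": r"HKCU\Control Panel\International\Geo", "value": "Nation"}},
    {"api": "RegSetValueExW", "args": {"key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "value": "updater"}},
    {"api": "getaddrinfo", "args": {"host": "api.ipify.org"}},
    {"api": "CreateProcessW", "args": {"image": r"C:\host\placeholder.exe", "flags": CREATE_SUSPENDED, "child_pid": 1100}},
    {"api": "WriteProcessMemory", "args": {"target_pid": 1100, "size": 98304}},
    {"api": "SetThreadContext", "args": {"target_pid": 1100}},
    {"api": "ResumeThread", "args": {"target_pid": 1100}},
    {"api": "connect", "args": {"ip": C2_SMTP_HOST, "port": C2_SMTP_PORT}},
]

if __name__ == "__main__":
    for name in detect(SAMPLE_TRACE):
        print(name)
```

The exact-IOC rule (`agenttesla_smtp_c2`) is the high-confidence one; the hollowing rule is deliberately stateful so that a lone SetThreadContext call (which legitimate debuggers and some runtimes also issue) only raises the weaker `suspicious_setthreadcontext` signal unless the full suspended-create, write, re-point, resume sequence is observed on the same child.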