General
Target: 5f49fd192cdacb971dd1b8474bdec087e3bac2c0002c987a32963d60d3b40698
Size: 1.0MB
Sample: 240619-cxs21ssckf
MD5: bee8fa6ad4290c813073e9947c2e37cb
SHA1: 27aff42bfbdd1eb590c6087dfb62f48eda939736
SHA256: 5f49fd192cdacb971dd1b8474bdec087e3bac2c0002c987a32963d60d3b40698
SHA512: fddedd7e6088236841ae45674f0ac6dcaf851bae61ae2e431a947652aa09a56797a608bb1a1608fb704c341a5ef8ca79441b6019fb18dbe853ca824c41521864
SSDEEP: 24576:5MqyC5p2GS++atkjiTlvbLuNX17PvRcb3w0P:t3n2qpnZvbLuNX1r2jZ
Static task: static1
Behavioral task: behavioral1
Sample: 5f49fd192cdacb971dd1b8474bdec087e3bac2c0002c987a32963d60d3b40698.exe
Resource: win7-20240611-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.jicsuit.com
Port: 587
Username: [email protected]
Password: sontosh2022jic
Email To: [email protected]
Targets
Target: 5f49fd192cdacb971dd1b8474bdec087e3bac2c0002c987a32963d60d3b40698
Size: 1.0MB
MD5: bee8fa6ad4290c813073e9947c2e37cb
SHA1: 27aff42bfbdd1eb590c6087dfb62f48eda939736
SHA256: 5f49fd192cdacb971dd1b8474bdec087e3bac2c0002c987a32963d60d3b40698
SHA512: fddedd7e6088236841ae45674f0ac6dcaf851bae61ae2e431a947652aa09a56797a608bb1a1608fb704c341a5ef8ca79441b6019fb18dbe853ca824c41521864
SSDEEP: 24576:5MqyC5p2GS++atkjiTlvbLuNX17PvRcb3w0P:t3n2qpnZvbLuNX1r2jZ
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
Checks computer location settings
Looks up the country code configured in the registry, likely as a geofence.
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext