General
Target: 123.exexxxxxxxx
Size: 2.2MB
Sample: 240619-gssb5szdln
MD5: 7932f6ceafe3ff9a846d76e083c9bdc3
SHA1: 586e455bd53f5d16a53c3c639e2c07b0931663c9
SHA256: 8118f08c6421a0b84083b59fe557b4035da882d343899149b127f3d1f00ce268
SHA512: 99d31a77361277b52f8f6ab66722c17735d2d65e3d41943321fca38e3cc36927a643a1458a4d53975ba8be1c5e06149a80812a4c7d4836fbf4bc5ddddb0effef
SSDEEP: 12288:ujqir/lhbePy/bj7+Hg2wk809Kl8Xii/drQ51XJJdGNl0fghrIsiX02Dfy7:uWi/r73Qg2wkP9KlOanX1lCrpiX02Da7
Static task: static1
Behavioral task: behavioral1
Sample: 123.exe
Resource: win7-20240611-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.ionos.com
Port: 587
Username: [email protected]
Password: T2@Gwt567
Email To: [email protected]
Extracted
Protocol: smtp
Host: smtp.ionos.com
Port: 587
Username: [email protected]
Password: T2@Gwt567
Targets
Target: 123.exexxxxxxxx
Size: 2.2MB
MD5: 7932f6ceafe3ff9a846d76e083c9bdc3
SHA1: 586e455bd53f5d16a53c3c639e2c07b0931663c9
SHA256: 8118f08c6421a0b84083b59fe557b4035da882d343899149b127f3d1f00ce268
SHA512: 99d31a77361277b52f8f6ab66722c17735d2d65e3d41943321fca38e3cc36927a643a1458a4d53975ba8be1c5e06149a80812a4c7d4836fbf4bc5ddddb0effef
SSDEEP: 12288:ujqir/lhbePy/bj7+Hg2wk809Kl8Xii/drQ51XJJdGNl0fghrIsiX02Dfy7:uWi/r73Qg2wkP9KlOanX1lCrpiX02Da7
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.

Suspicious use of SetThreadContext