General
-
Target
f2145ee5f0d183ebb1f67b3463bf419659d25b867c677cb983736fca59df2042
-
Size
599KB
-
Sample
240904-r85bratenf
-
MD5
c0f4ede41e8f9a9c43df4a5a61e6e011
-
SHA1
83f57c3f81ab98c51cc4a096679f5cb5680cef64
-
SHA256
f2145ee5f0d183ebb1f67b3463bf419659d25b867c677cb983736fca59df2042
-
SHA512
f7c80c03d0415ccaf5eced2dd80c3607c84758f47389a407b845c126b60036bb9390451094b00fcae338f39f42488e6fdbd05442d6bab1b221958ebe4152be2b
-
SSDEEP
12288:w9WcIVho/hlaKuUP3E3iSLQxkx+1XzkY49icD2oepCYBWeado2rP:SWcI4ZlaaEpLXA1XgY49iW9mCYBXado2
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.rrcindia.co.in - Port:
587 - Username:
[email protected] - Password:
Goyal@0783 - Email To:
[email protected]
Targets
-
-
Target
699af4e8e4d2f3b3ab73268c846f4013f677bc183b9c561279f88c0239972b9b.exe
-
Size
652KB
-
MD5
c32f9ec932828cb58da2a9fde44a4635
-
SHA1
e13e8202a7f83df99bacbf89bfc303c9d73a68a8
-
SHA256
699af4e8e4d2f3b3ab73268c846f4013f677bc183b9c561279f88c0239972b9b
-
SHA512
39a7affc06ba2f14e731688292d073784e6c40482e4222a1c061093a1464646427c294e4232b950637267f60f70ea2fa8d971cafcc556dabfcbf56d1bc13df1f
-
SSDEEP
12288:199glhtubCawcYZP1Y663TmwQxzcnhApsyaoJYD/exqBfHVdGrtaEJmxzBI8y7tN:1dwV1STmwQxqroqD2xWVdGZmxzBI8C
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-