General
Target: f02584899b5df46577876830f08f4c3d0e71907c7a5938fc932c8db25fa72e0e
Size: 655KB
Sample: 241031-lfhz6atpds
MD5: 3b3547af65a6b0af1f737c0cc2ceb210
SHA1: ffe4b2cb4b9d92d25ab801013cad4a75930b75e4
SHA256: f02584899b5df46577876830f08f4c3d0e71907c7a5938fc932c8db25fa72e0e
SHA512: 3001101f85f5bbf361c8a366566f0243ea4b1f413cad5d55b82a963482adc9f9109ee3cf441299ce28d7a94fb5c32221e70439e12b75b27e41c683ba7b90d1aa
SSDEEP: 12288:uMTmly8qSJe+5iSOn2vQKUvNYBizP3w7tnMe/C+/ly+5LVRBH2lCC6UUgPNH/OwZ:pl8qSQ2IxSBiLgRMeK+/lxxUaUNRZYhM
Tasks
Static task: static1
Behavioral task: behavioral1
Sample: Musterino_94372478_Ekno_101_20241031410530_ekstre.exe
Resource: win7-20241010-en

Malware Config
Extracted (agenttesla)
Protocol: smtp
Host: zqamcx.com
Port: 587
Username: [email protected]
Password: Methodman991
Email To: [email protected]

Extracted (agenttesla)
Protocol: smtp
Host: zqamcx.com
Port: 587
Username: [email protected]
Password: Methodman991
Targets
Target: Musterino_94372478_Ekno_101_20241031410530_ekstre.exe
Size: 782KB
MD5: 246168111c9424560475bbfc24a7fdae
SHA1: 2ce0203983ae35d04bfdc9704f4dc439e86d0e9c
SHA256: ba22a1fd5ccbbc56dd6c30c556637865c156a5e332e6a718c336b9d591b86a9c
SHA512: 6f4eaa6447b8d96be937e32ab79736866745bc40207d9ec4a714459b35a285d9be8dd51f0be46970d576cd9afab177429068e986aa18a6c6395e3a56e98d6796
SSDEEP: 12288:jBRrXQ9TZweQjcQNz2vQKCvNYLI5P3c73nMINla9t7QTytCkDhLMnQPQkR:VwQjdNyItSLINsjMIwt7QOtldMQf
Signatures
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Agenttesla family
Command and Scripting Interpreter: PowerShell: Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
Checks computer location settings: Looks up the country code configured in the registry, likely for geofencing.
Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter (1)
PowerShell (1)
Scheduled Task/Job (1)
Scheduled Task (1)
Credential Access
Credentials from Password Stores (1)
Credentials from Web Browsers (1)
Unsecured Credentials (4)
Credentials In Files (3)
Credentials in Registry (1)