General

- Target: c071e52c0f19cbedbad1c026a30b9a2d5f6268c8e9a742c802f322bff7fcf372.exe
- Size: 750KB
- Sample: 241112-dc1rsswmhk
- MD5: d00531e7583018b9f595cf27699ca567
- SHA1: 83c7ea4e944dd3a88bd1c3d6d8461e2f74b5e182
- SHA256: c071e52c0f19cbedbad1c026a30b9a2d5f6268c8e9a742c802f322bff7fcf372
- SHA512: 7406c0f9c735b5c3b4cfe6fef7dd02b80c0d397e9c467abec23e51c68c5cff3557b8b08f52c1c934a88028cb1d1e3a2c83f2b215d594106beb1288d6b588c46e
- SSDEEP: 12288:G+LMv6T7nCm3ey512o0vQdZ4zUZ7BTJW6u45okpyvGBAwHRK3p:tLMvsCmuyPg+Kzi7BTJS4SKyvGBAD
Static task: static1

Behavioral task: behavioral1
- Sample: c071e52c0f19cbedbad1c026a30b9a2d5f6268c8e9a742c802f322bff7fcf372.exe
- Resource: win7-20240903-en

Behavioral task: behavioral2
- Sample: c071e52c0f19cbedbad1c026a30b9a2d5f6268c8e9a742c802f322bff7fcf372.exe
- Resource: win10v2004-20241007-en
Malware Config

Extracted: agenttesla
- Protocol: smtp
- Host: mail.mbarieservicesltd.com
- Port: 587
- Username: [email protected]
- Password: *o9H+18Q4%;M
- Email To: [email protected]
Targets

- Target: c071e52c0f19cbedbad1c026a30b9a2d5f6268c8e9a742c802f322bff7fcf372.exe
- Size: 750KB
- MD5: d00531e7583018b9f595cf27699ca567
- SHA1: 83c7ea4e944dd3a88bd1c3d6d8461e2f74b5e182
- SHA256: c071e52c0f19cbedbad1c026a30b9a2d5f6268c8e9a742c802f322bff7fcf372
- SHA512: 7406c0f9c735b5c3b4cfe6fef7dd02b80c0d397e9c467abec23e51c68c5cff3557b8b08f52c1c934a88028cb1d1e3a2c83f2b215d594106beb1288d6b588c46e
- SSDEEP: 12288:G+LMv6T7nCm3ey512o0vQdZ4zUZ7BTJW6u45okpyvGBAwHRK3p:tLMvsCmuyPg+Kzi7BTJS4SKyvGBAD

Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Agenttesla family
- Command and Scripting Interpreter: PowerShell: Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15

Credential Access
- Credentials from Password Stores: 1
- Credentials from Web Browsers: 1
- Unsecured Credentials: 4
- Credentials In Files: 3
- Credentials in Registry: 1