General
Target: 7804d202444c674f18d777634af6d2778ddcadd331b1cc5d8ab590a8561d66d4
Size: 692KB
Sample: 241121-bfb7haxalg
MD5: 7515f214e575b15d4bd7fe53313f740a
SHA1: 72e3407fac6be13dc2466fef02fca2ebc6d60dd6
SHA256: 7804d202444c674f18d777634af6d2778ddcadd331b1cc5d8ab590a8561d66d4
SHA512: 35bc4e6fd749136b83b8bad5eae2da51fd70a10c46f9d4a16d5fd3ffae0dae11d0f224ae6324f5024dbfd7777ba8634f1a3af4359d67b00933af9f0847107614
SSDEEP: 12288:q5AgFd918tPwTfYq1ZtoMxf5Cs814Aq/EamrnJuiu01x/pC9:8Ag6wEMZtoMSs8DeEamlxxC
Static task: static1
Behavioral task: behavioral1
Sample: DATASHEET.exe
Resource: win7-20240729-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.ru
Port: 587
Username: [email protected]
Password: graceofgod@amen
Email To: [email protected]
Targets
Target: DATASHEET.exe
Size: 631KB
MD5: 8b627084e10ad9b77436a4c3d8ea5ebb
SHA1: 7db5ee2ab5fdc91fa29a521f7f9779684f9e4abd
SHA256: 10f6d70d363d93fce85e92f2ea94a36eda4c755606581cd101652afaa97a91fc
SHA512: 45ccb2de3d572d2244f4676322834ddf8bf003ff7e4955bf5510ff082aa42cd1b519c6b9ee43dbad5eef6af96c6b5c6e8121e5ce0779aa4f1834bd1bbb57035f
SSDEEP: 12288:f5AgFd918tPwTfYq1ZtoMxf5Cs814Aq/EamrnJuiu01x/pC9:hAg6wEMZtoMSs8DeEamlxxC
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Agenttesla family
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP address.
- Suspicious use of SetThreadContext