General
- Target: 0c12ad85d9b46dd1b9923ffd977244fa3a4a46612f38e6edee40fb36d8243ea1.iso
- Size: 700KB
- Sample: 241122-ch2qlsxrfn
- MD5: 577d081b724a55442e2f137d2ebad7ef
- SHA1: 34827c7b6f4124a90056f04eda51cbafcb929ead
- SHA256: 0c12ad85d9b46dd1b9923ffd977244fa3a4a46612f38e6edee40fb36d8243ea1
- SHA512: 78f0f8171d8f9ef2d37cc912602178769a131bed8fec39773d8b0065afa4676e4fe96995fc1fbf8a138e406ffa0e77e66690daafa60a227e3978ab35082f0be1
- SSDEEP: 12288:77AgFdeiGKC0uCejzi9UhkL8WYCUeBhQi5UX9aLmmf5jq5XX2sMMnQ4HwXYJ:/AgeizWCeW94WYCnCEmi25H2OQ4QI
Static task
- static1
Behavioral task
- behavioral1
- Sample: datasheet.exe
- Resource: win7-20240903-en
Malware Config
Extracted
- Protocol: smtp
- Host: smtp.yandex.com
- Port: 587
- Username: [email protected]
- Password: marcellinus360
Extracted
agenttesla
- Protocol: smtp
- Host: smtp.yandex.com
- Port: 587
- Username: [email protected]
- Password: marcellinus360
- Email To: [email protected]
Targets
- Target: datasheet.exe
- Size: 639KB
- MD5: 27270bf6a969355e90e16289379cd6d1
- SHA1: 913f562df18cf266c3ae94605cce6c3ce084d472
- SHA256: 7292590b86e83ca5c6993b8c56578740d1f066c91baf3d95bee2bd34d9153f15
- SHA512: 814bec3009c19a298737385b783654110230cf902da1ebf18e2ad697901c884f8cf3f635979659ceedfa17aa5b79aa1b0860316baa2499b589d1586673730780
- SSDEEP: 12288:O7AgFdeiGKC0uCejzi9UhkL8WYCUeBhQi5UX9aLmmf5jq5XX2sMMnQ4HwXYJ:KAgeizWCeW94WYCnCEmi25H2OQ4QI
- AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Agenttesla family
- Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
- Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext