General
- Target: d90c61a0a10d5e62fbf8223c15fd9b2e05a25426294b67113286e39848b5423e
- Size: 835KB
- Sample: 241122-fbgnmsvkcx
- MD5: 3532d8ab3600b59b2ddbec97094ef831
- SHA1: 3da6ac379af8fef17b6108f6610af07edee30163
- SHA256: d90c61a0a10d5e62fbf8223c15fd9b2e05a25426294b67113286e39848b5423e
- SHA512: 10e9036a685104bc702a617eb83b89c25273a43362446fbedef7dee44615be832e593475eb4b14b962b2d673766f3339f051d11683619d759f4cd0137f150225
- SSDEEP: 12288:g7/9WflU/9dlqGzq1ejQrMR6DaoLLeM1+kFqMKj5/A:8ylUdqGW1iCM+S9kQ9/
Static task: static1
Behavioral task: behavioral1
- Sample: d90c61a0a10d5e62fbf8223c15fd9b2e05a25426294b67113286e39848b5423e.exe
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: d90c61a0a10d5e62fbf8223c15fd9b2e05a25426294b67113286e39848b5423e.exe
- Resource: win10v2004-20241007-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.modelinfra.com
- Port: 587
- Username: [email protected]
- Password: TAXmic#@!96^&*2
- Email To: [email protected]
Targets
- Target: d90c61a0a10d5e62fbf8223c15fd9b2e05a25426294b67113286e39848b5423e
AgentTesla
- Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Agenttesla family
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Execution
- Command and Scripting Interpreter (1)
  - PowerShell (1)
- Scheduled Task/Job (1)
  - Scheduled Task (1)
Credential Access
- Credentials from Password Stores (1)
  - Credentials from Web Browsers (1)
- Unsecured Credentials (4)
  - Credentials In Files (3)
  - Credentials in Registry (1)