General
Target: Requirements_010725.exe
Size: 642KB
Sample: 250701-gbrz2sen8w
MD5: cf27e4c1117cb4b1d1791c4f3288d86a
SHA1: 3a591449ef6e2b3cad25f0e4319b31be2633cb87
SHA256: ef0d48f4ab28cc338fc29affea2e019f1aa34a54c4220b19a13f57f73f9f81a3
SHA512: 16957c6f30ab70b6f4d022548e16934934fd253fba8d58e7880bd065577af7541ecbf84eb7897e2309c5ecbc3a67287dad73f37a651b5a95b664f7e7b266fc36
SSDEEP: 12288:i+idMeVS1HQfA1UCcX9In9CuNL5DTXc9zE7ynbx:Ig1mAiCt9CslTEzgynb
Static task: static1
Behavioral task: behavioral1
Sample: Requirements_010725.exe
Resource: win10v2004-20250502-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.mbarieservicesltd.com
Port: 587
Username: [email protected]
Password: *o9H+18Q4%;M
Email To: [email protected]
Targets
Target: Requirements_010725.exe
Size: 642KB
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Agenttesla family
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v16
Credential Access
Credentials from Password Stores (1)
Credentials from Web Browsers (1)
Unsecured Credentials (4)
Credentials In Files (3)
Credentials in Registry (1)