General
Target: 01072025_0542_27062025_SOA_Ref00696006.7z
Size: 318KB
Sample: 250701-geda3aen91
MD5: 1a2ad57ed896396db3292c97d33f45c0
SHA1: 337bf9ef6773741c1133b60666ebf17a1a5a683d
SHA256: 1388839ee060ec5d708953d5f2cdc837203856b49ffa1b81bc77e910b50316b1
SHA512: 9c4a0f2a860f516916368209e160883b05b151c90185adaef62dab385695e4fe0d1e5709e82b3558c357a030c73ace0d4d0c8d8d6a09d10863570793bc604cef
SSDEEP: 6144:gfNSVgu2/JPzyMRBk9ZfDCSpiZ7TkeRfnwAyTSA0gYYTh+CHwM5mYWQigF:yNSVguQ5ZBE9DAZ7zuTL/9DQM5jWQim
Static task: static1
Malware Config
Extracted
Family: agenttesla
Protocol: smtp
Host: 162.254.34.31
Port: 587
Username: [email protected]
Password: M992uew1mw6Z
Email To: [email protected]
Targets
Target: SOA_Ref00696006.vbs
Size: 1.8MB
MD5: 40eb547cf5b595c44dc422a30ce46275
SHA1: 8ab503b56691b87d48a3686ef78a82b259497b8b
SHA256: df2b737329ae7cb4cbf012a8cf989621faa7233f3cb21327640010543b2c60d9
SHA512: a256c4fbbc7be40e4e2d4cdf7df1ec194df17e8e54b6e0744fc86800cd2caa5b452dd7761d231db6968f59fe4beaaa2bafaca881ae89ffd857c62494e9b78867
SSDEEP: 49152:FrnieFsARDzFzKVzTfjF8B9TA5za5ibhZ/XTLUp0TRW:f
-
AgentTesla
Agent Tesla is a remote access tool (RAT) and information stealer written in .NET (originally VB.NET). It exfiltrates stolen credentials and keystrokes over SMTP, FTP or HTTP; the SMTP host, port and mailbox credentials extracted above are its exfiltration channel for this sample.
-
Agenttesla family
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
Setting another thread's register context is a common step in process hollowing and thread-hijacking injection; on its own it is a heuristic, not proof that injection occurred.
-
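As an added example that is not part of this sandbox report: a small Python triage script that takes the indicators above (the two SHA256 hashes, and the SMTP host 162.254.34.31 and port 587 from the extracted config) together with two of the listed behaviours (a script host spawning an unexpected child, and an external IP lookup) and runs them over constructed log lines. The log lines are constructed for the example; the IP-lookup hostnames and the wscript.exe parent are assumptions, since the report names neither.

```python
"""
Added example, not part of the sandbox report. Indicators (hashes, exfil host,
exfil port) are taken from the report; all log lines below are constructed,
and the IP-lookup hostnames and script-host parent are assumptions.
"""
from dataclasses import dataclass

# --- Indicators taken from the report -------------------------------------
KNOWN_SHA256 = {
    "1388839ee060ec5d708953d5f2cdc837203856b49ffa1b81bc77e910b50316b1",  # .7z archive
    "df2b737329ae7cb4cbf012a8cf989621faa7233f3cb21327640010543b2c60d9",  # SOA_Ref00696006.vbs
}
EXFIL_HOST = "162.254.34.31"   # SMTP host from the extracted AgentTesla config
EXFIL_PORT = 587               # SMTP submission port from the extracted config

# --- Assumptions (not stated in the report) --------------------------------
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}   # hosts that would run a .vbs


@dataclass(frozen=True)
class Hit:
    source: str   # which log the line came from
    reason: str   # why it matched
    line: str     # raw line, kept for the analyst


def match_conn(lines):
    """Flag flows to the configured exfil host:port.
    Constructed Zeek conn.log-like format (tab separated):
    ts  uid  orig_h  orig_p  resp_h  resp_p  proto
    """
    hits = []
    for line in lines:
        f = line.split("\t")
        if len(f) < 7:
            continue                       # malformed line: skip, never crash
        if f[4] == EXFIL_HOST and f[5] == str(EXFIL_PORT):
            hits.append(Hit("conn", f"SMTP to AgentTesla exfil host {EXFIL_HOST}:{EXFIL_PORT}", line))
    return hits


def match_dns(lines):
    """Flag queries for IP-lookup services. Format: ts  orig_h  query"""
    hits = []
    for line in lines:
        f = line.split("\t")
        if len(f) < 3:
            continue
        if f[2].lower().rstrip(".") in IP_LOOKUP_HOSTS:
            hits.append(Hit("dns", f"external IP lookup via {f[2]}", line))
    return hits


def match_proc(lines):
    """Flag script hosts spawning children, and known dropper hashes.
    Constructed format: parent_image  image  command_line  script_sha256
    (script_sha256 is the hash of the script file on the command line, or
    empty when the command line references none).
    """
    hits = []
    for line in lines:
        f = line.split("\t")
        if len(f) < 4:
            continue
        parent, image, sha256 = f[0], f[1], f[3].lower()
        if parent.rsplit("\\", 1)[-1].lower() in SCRIPT_HOSTS:
            hits.append(Hit("proc", f"script host {parent} spawned {image}", line))
        if sha256 in KNOWN_SHA256:
            hits.append(Hit("proc", f"known AgentTesla dropper hash {sha256[:12]}", line))
    return hits


def triage(conn, dns, proc):
    """Run every matcher and return all hits, in log order."""
    return match_conn(conn) + match_dns(dns) + match_proc(proc)


# --- Constructed sample telemetry -----------------------------------------
SAMPLE_CONN = [
    "1751337720.1\tC1\t10.0.0.15\t49812\t142.250.74.36\t443\ttcp",
    "1751337721.4\tC2\t10.0.0.15\t49815\t162.254.34.31\t587\ttcp",
    "1751337722.0\tC3\t10.0.0.15\t49816\t104.26.12.205\t443\ttcp",
    "truncated line",
]
SAMPLE_DNS = [
    "1751337719.9\t10.0.0.15\tapi.ipify.org",
    "1751337720.0\t10.0.0.15\twww.microsoft.com",
]
SAMPLE_PROC = [
    "C:\\Windows\\explorer.exe\tC:\\Windows\\System32\\wscript.exe\t"
    "wscript.exe C:\\Users\\a\\Downloads\\SOA_Ref00696006.vbs\t"
    "df2b737329ae7cb4cbf012a8cf989621faa7233f3cb21327640010543b2c60d9",
    "C:\\Windows\\System32\\wscript.exe\tC:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\t"
    "powershell.exe -nop -w hidden\t",
    "C:\\Windows\\explorer.exe\tC:\\Windows\\System32\\notepad.exe\tnotepad.exe\t",
]

if __name__ == "__main__":
    for h in triage(SAMPLE_CONN, SAMPLE_DNS, SAMPLE_PROC):
        print(f"[{h.source}] {h.reason}: {h.line}")
```

The exfil match is deliberately exact on host and port: port 587 alone is ordinary mail-submission traffic on many networks, and the host alone may be reassigned, so the pair is the indicator. The script-host rule fires on any child, because a script launched from a mail attachment has no legitimate reason to spawn a second process; tune SCRIPT_HOSTS and the IP-lookup list to your own environment.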