General
Target: 9ac9b06776fc23988d64dc77fcc73aa742750a9538546ef976f084c1c9d1a333
Size: 854KB
Sample: 240630-bhrpza1drd
MD5: 3b26db0dd5d0a4d1fee567aafe927f82
SHA1: 19a1b658afc8c1cb04de677cc727508c157cdcda
SHA256: 9ac9b06776fc23988d64dc77fcc73aa742750a9538546ef976f084c1c9d1a333
SHA512: 0eb82f5e50920e9aa7c5a00bdbcfd1094756591bf3cc9574105cc544a2ab7ce46e62594630fe62749c5e6f77d720a542dcd99c6da128ce93dac188cd42bca968
SSDEEP: 12288:4I94SIG0d0uFhCchHcEiem+PuPeILLgJ9AI8s16fdeD7hV4wzd9CZ1k3:QzfVu25BtmPeIHgJ95w2F2et
Static task: static1
Behavioral task: behavioral1
Sample: 9ac9b06776fc23988d64dc77fcc73aa742750a9538546ef976f084c1c9d1a333.exe
Resource: win7-20240611-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.mail.ru
Port: 587
Username: [email protected]
Password: 8QYDNHykJ1UMRfJcE1xt
Email To: [email protected]
Targets
Target: 9ac9b06776fc23988d64dc77fcc73aa742750a9538546ef976f084c1c9d1a333
Size: 854KB
MD5: 3b26db0dd5d0a4d1fee567aafe927f82
SHA1: 19a1b658afc8c1cb04de677cc727508c157cdcda
SHA256: 9ac9b06776fc23988d64dc77fcc73aa742750a9538546ef976f084c1c9d1a333
SHA512: 0eb82f5e50920e9aa7c5a00bdbcfd1094756591bf3cc9574105cc544a2ab7ce46e62594630fe62749c5e6f77d720a542dcd99c6da128ce93dac188cd42bca968
SSDEEP: 12288:4I94SIG0d0uFhCchHcEiem+PuPeILLgJ9AI8s16fdeD7hV4wzd9CZ1k3:QzfVu25BtmPeIHgJ95w2F2et
Signatures

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.

Suspicious use of SetThreadContext