General
- Target: 33f7683c768daecbad44d0b27d44ff13be3340d1cb81fb59dbfd7558cca21797
- Size: 716KB
- Sample: 240630-bwcsza1gqa
- MD5: 251fbed59bfea87dc028bec0355660f8
- SHA1: 19c82620739cf35fffa335c61f810801b9296e10
- SHA256: 33f7683c768daecbad44d0b27d44ff13be3340d1cb81fb59dbfd7558cca21797
- SHA512: 9f094a07c3698ee17ba947581e18f3b4dc054172b0e1cfee69659504e5e7cf66a6cc65b6141278108011081695f04dfcfad80f52618db12f9c0ad75ffa428a26
- SSDEEP: 12288:eh34uhfuk+c9uDr3r4hxmLAd0SPv56HJgMq+eHMI2QYz8i6Wwg1VFjFvk:ehzwkVUDr30hwLgQJSP1ZoxFM
- Static task: static1
- Behavioral task: behavioral1
- Sample: 33f7683c768daecbad44d0b27d44ff13be3340d1cb81fb59dbfd7558cca21797.exe
- Resource: win7-20240611-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.veerelectronics.com
- Port: 587
- Username: [email protected]
- Password: diya@happy4594
- Email To: [email protected]
Targets
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Command and Scripting Interpreter: PowerShell: Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence check.
- Suspicious use of SetThreadContext