General
-
Target
018b23732bcac6e2ccc7d8130259b5085d10dafdac74737e1456b5f38ee2c81e
-
Size
603KB
-
Sample
240701-bc6lya1ejd
-
MD5
1b4cc3ed2613c27827d248b79870366b
-
SHA1
19ef093465e9b5d579730f36c742f86ab01e75c6
-
SHA256
018b23732bcac6e2ccc7d8130259b5085d10dafdac74737e1456b5f38ee2c81e
-
SHA512
497e5d2f11dff5148b084e3c3f6becf9370ff67540c210c6b20d4172d52c54a98361e5af21b7c23902bfc71f4985a439f5c9170d72e0fa5f7f502f47567725cc
-
SSDEEP
12288:q7D2+pR/soP9MsujwkZHX1Xx6+qwOkXN896U4yvZS:rCdPGjDlXxhpDdWTM
Static task
static1
Behavioral task
behavioral1
Sample
018b23732bcac6e2ccc7d8130259b5085d10dafdac74737e1456b5f38ee2c81e.exe
Resource
win7-20240611-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.iaa-airferight.com - Port:
587 - Username:
[email protected] - Password:
Asaprocky11 - Email To:
[email protected]
Targets
-
-
Target
018b23732bcac6e2ccc7d8130259b5085d10dafdac74737e1456b5f38ee2c81e
-
Size
603KB
-
MD5
1b4cc3ed2613c27827d248b79870366b
-
SHA1
19ef093465e9b5d579730f36c742f86ab01e75c6
-
SHA256
018b23732bcac6e2ccc7d8130259b5085d10dafdac74737e1456b5f38ee2c81e
-
SHA512
497e5d2f11dff5148b084e3c3f6becf9370ff67540c210c6b20d4172d52c54a98361e5af21b7c23902bfc71f4985a439f5c9170d72e0fa5f7f502f47567725cc
-
SSDEEP
12288:q7D2+pR/soP9MsujwkZHX1Xx6+qwOkXN896U4yvZS:rCdPGjDlXxhpDdWTM
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-