General

Target: 88801297a310f88fd29cf5b1e9066eee829a6bf43fe65108f4bc64932b1e845b
Size: 1.1MB
Sample: 220415-be7xsafebk
MD5: 50c6bb03817dd9b96add801c1642aafd
SHA1: 42e5177efdcea6bf3e83d06b5d34d0115740c62d
SHA256: 88801297a310f88fd29cf5b1e9066eee829a6bf43fe65108f4bc64932b1e845b
SHA512: 42f3454df915b27a8711276c04bf07bfcef1b12a032cd3399b3526bb37c20473ebd0b9a054e79dd2c7b52c6bbc7ac0e92a222235f0d0a1aebc938ea792680f05
Static task
static1

Behavioral task
behavioral1
Sample: 88801297a310f88fd29cf5b1e9066eee829a6bf43fe65108f4bc64932b1e845b.exe
Resource: win7-20220414-en

Behavioral task
behavioral2
Sample: 88801297a310f88fd29cf5b1e9066eee829a6bf43fe65108f4bc64932b1e845b.exe
Resource: win10v2004-20220414-en
Malware Config

Extracted
Family: agenttesla
Protocol: smtp
Host: mail.transgear.in
Port: 587
Username: [email protected]
Password: purchase@2020*
Targets

Target: 88801297a310f88fd29cf5b1e9066eee829a6bf43fe65108f4bc64932b1e845b
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

Meta Stealer
Meta Stealer steals passwords stored in browsers, written in C++.

AgentTesla Payload

Drops file in Drivers directory

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Accesses Microsoft Outlook profiles

Adds Run key to start application

Suspicious use of SetThreadContext