General
Target: bf19e2261ebe6c82bc30c3574d537a4ae776d4855d78af7b5c68f5c9c1bc0882
Size: 711KB
Sample: 220415-pr4yjshdej
MD5: 67483eb7f484cc43ad109bd69f87d3a6
SHA1: ba44fdf3a2501f556ece2e8ab39fa455136fab87
SHA256: bf19e2261ebe6c82bc30c3574d537a4ae776d4855d78af7b5c68f5c9c1bc0882
SHA512: d187d16f643c483672ccaf44b982b4b4f0f0d6cd74b5a7e5177c1c32b84c636fa6638a13c1a8e2bee7d374f56d28411b34dbf0c7c902ddcf51e8151e36da48ef
Static task: static1
Behavioral task: behavioral1
  Sample: bf19e2261ebe6c82bc30c3574d537a4ae776d4855d78af7b5c68f5c9c1bc0882.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: bf19e2261ebe6c82bc30c3574d537a4ae776d4855d78af7b5c68f5c9c1bc0882.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.nusatek.com
- Port: 587
- Username: [email protected]
- Password: nusatek187753d
- Email To: [email protected]
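The config above is what the implant hands to its SMTP client, so on the wire it becomes an EHLO, an AUTH LOGIN carrying base64(username) and base64(password), a MAIL FROM with the username and a RCPT TO with the "Email To" address. The following is an added example, not part of the report and not Triage's or the malware's code: it recovers the credentials from the client half of an SMTP session and scores the session against the extracted fields. Host, port and password are copied from the config; the two mailbox addresses are obfuscated on this page, so the username and recipient in the example are assumed placeholders, and the sample transcript is constructed.

```python
"""Match an SMTP session against the AgentTesla exfiltration config above."""
import base64
import re

# host, port and password are copied from the report's extracted config.
# The two mailbox addresses are obfuscated on the page, so the username
# and recipient below are ASSUMED placeholders, not values from the report.
EXFIL_CONFIG = {
    "host": "mail.nusatek.com",
    "port": 587,
    "password": "nusatek187753d",
    "username": "sender@nusatek.com",   # assumption
    "email_to": "dropbox@nusatek.com",  # assumption
}


def b64(text):
    """Encode a string the way SMTP AUTH carries it."""
    return base64.b64encode(text.encode()).decode()


def b64d(blob):
    """Decode one base64 token; None if it is not valid base64."""
    try:
        return base64.b64decode(blob, validate=True).decode("utf-8", "replace")
    except ValueError:  # binascii.Error is a ValueError subclass
        return None


def extract_credentials(client_lines):
    """Recover username, password, MAIL FROM and RCPT TO from the client
    half of an SMTP session (list of command lines in order).

    AUTH LOGIN: base64(user) and base64(pass) on the following client
    lines (the user may also ride on the AUTH line itself).
    AUTH PLAIN: one base64 blob of "\\0user\\0pass". .NET's SmtpClient,
    which AgentTesla builds on, uses LOGIN; PLAIN is handled so the
    matcher also covers other SMTP-based stealers.
    """
    creds = {"username": None, "password": None, "mail_from": None, "rcpt_to": []}
    i = 0
    while i < len(client_lines):
        line = client_lines[i].strip()
        parts = line.split()
        is_auth = len(parts) >= 2 and parts[0].upper() == "AUTH"
        if is_auth and parts[1].upper() == "LOGIN":
            if len(parts) >= 3:            # AUTH LOGIN <b64user>
                creds["username"] = b64d(parts[2])
                i += 1
            else:                          # AUTH LOGIN, user on the next line
                i += 1
                if i < len(client_lines):
                    creds["username"] = b64d(client_lines[i].strip())
                    i += 1
            if i < len(client_lines):      # password follows the username
                creds["password"] = b64d(client_lines[i].strip())
                i += 1
            continue
        if is_auth and parts[1].upper() == "PLAIN":
            if len(parts) >= 3:
                blob, i = parts[2], i + 1
            else:
                i += 1
                blob = client_lines[i].strip() if i < len(client_lines) else ""
                i += 1
            fields = (b64d(blob) or "").split("\0")
            if len(fields) == 3:           # authzid \0 authcid \0 password
                creds["username"], creds["password"] = fields[1], fields[2]
            continue
        m = re.match(r"MAIL FROM:\s*<([^>]*)>", line, re.I)
        if m:
            creds["mail_from"] = m.group(1)
        m = re.match(r"RCPT TO:\s*<([^>]*)>", line, re.I)
        if m:
            creds["rcpt_to"].append(m.group(1))
        i += 1
    return creds


def match_exfil(dst_host, dst_port, client_lines, config=EXFIL_CONFIG):
    """Return the config fields the observed session matches, in a fixed order."""
    creds = extract_credentials(client_lines)
    hits = []
    if dst_host.lower() == config["host"].lower():
        hits.append("host")
    if dst_port == config["port"]:
        hits.append("port")
    if creds["username"] and creds["username"].lower() == config["username"].lower():
        hits.append("username")
    if creds["password"] == config["password"]:
        hits.append("password")
    if any(r.lower() == config["email_to"].lower() for r in creds["rcpt_to"]):
        hits.append("email_to")
    return hits


# Constructed client transcript of the exfil session the config implies.
SAMPLE_SESSION = [
    "EHLO DESKTOP-PC",
    "STARTTLS",          # on a real 587 session everything below is inside TLS
    "EHLO DESKTOP-PC",
    "AUTH LOGIN",
    b64("sender@nusatek.com"),
    b64("nusatek187753d"),
    "MAIL FROM:<sender@nusatek.com>",
    "RCPT TO:<dropbox@nusatek.com>",
    "DATA",
    ".",
    "QUIT",
]

if __name__ == "__main__":
    print(match_exfil("mail.nusatek.com", 587, SAMPLE_SESSION))
```

The host and port hits can be raised from DNS or flow logs alone; the username, password and recipient hits need the cleartext commands, and because port 587 submission normally negotiates STARTTLS first, those are only visible from the endpoint (API hooks, sandbox capture) or behind TLS inspection. Matching the password as well as the mailbox is deliberate: AgentTesla builds re-use the same compromised mailbox across campaigns, and the password ties the session to this specific config.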
Targets
Target: bf19e2261ebe6c82bc30c3574d537a4ae776d4855d78af7b5c68f5c9c1bc0882
Size: 711KB
MD5: 67483eb7f484cc43ad109bd69f87d3a6
SHA1: ba44fdf3a2501f556ece2e8ab39fa455136fab87
SHA256: bf19e2261ebe6c82bc30c3574d537a4ae776d4855d78af7b5c68f5c9c1bc0882
SHA512: d187d16f643c483672ccaf44b982b4b4f0f0d6cd74b5a7e5177c1c32b84c636fa6638a13c1a8e2bee7d374f56d28411b34dbf0c7c902ddcf51e8151e36da48ef
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic (.NET); this sample exfiltrates over SMTP using the credentials in the extracted config above.
Meta Stealer
Meta Stealer steals passwords stored in browsers, written in C++.
AgentTesla Payload
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence.
Suspicious use of SetThreadContext
Setting the context of another thread is how process hollowing and similar injection redirects a suspended thread into injected code.