General
Target: 4c414b473bccbbce2c7cde00248ea1a1
Size: 523KB
Sample: 220504-scqddsghbj
MD5: 4c414b473bccbbce2c7cde00248ea1a1
SHA1: 77bf848d5a1d4d0fdc252aa170e7b8af19bcc012
SHA256: 7bb212946fdeb406c7aa8f691405d185065514d5dc1f269f8e409762ff9f6915
SHA512: 0fa66c53045e9e74d294420d66deadcad7ee56d13e33dd90e73b0de1e6958cd3b5c347e13e85797895bbac5f23b3cc3926d6b9a75f242ef2379d93230c7b0f9b
Static task: static1
Behavioral task: behavioral1
Sample: 4c414b473bccbbce2c7cde00248ea1a1.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 4c414b473bccbbce2c7cde00248ea1a1.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: Az@gcmce.com
Password: DANIEL3116
Targets
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext