General
- Target: d8453b3e4363f9154458b927cdf398ce8f792a61cd0eaa387a535802bff24179
- Size: 595KB
- Sample: 220520-17zjjsegg6
- MD5: e186dece8061c1e9f143a738a926392c
- SHA1: 4a1e22d3b10de2f50050854182a09c9f0d38ace3
- SHA256: d8453b3e4363f9154458b927cdf398ce8f792a61cd0eaa387a535802bff24179
- SHA512: b6371aa579f92ca8f65c644e39397e7a9067e62a68b1a050b23b04cdf157d7efed5f5b54e32e5f3754a741640ae318dd5ee591822ca51e84d501c596043e5ee8
Static task
- static1
Behavioral task
- behavioral1
  - Sample: Transfer Confirmation.exe
  - Resource: win7-20220414-en
Behavioral task
- behavioral2
  - Sample: Transfer Confirmation.exe
  - Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
- Protocol: smtp
- Host: us2.smtp.mailhostbox.com
- Port: 587
- Username: [email protected]
- Password: K$pbkEK0
Targets
- Target: Transfer Confirmation.exe
- Size: 617KB
- MD5: 4933039c07233e307f6a8ee44229f81b
- SHA1: e0f164c88ead46da499516596adb16bde31b3243
- SHA256: 1c8ee9c80b54c9a2f245d2e98ce8d25702becbc6584135c4278169d406016dd8
- SHA512: 6072234ed2ee6c19e45ccc61dc52e730cbfd568a78ad2e11eae4714c34e95894b8fe93eabcb8c2ad1cc1e3b45a5e0326d393418dce0df7c39b4baa0289a94d7c
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext