General
Target: d833eeb21faf05fd282e116c89ca50f383c96afbff0b350b88612de63a11f272
Size: 514KB
Sample: 220520-284ekabddr
MD5: 0cb25401434cee37dff64e486c078718
SHA1: 06fe6451dc8a659f36c9f4ed83f16307c83ccd7a
SHA256: d833eeb21faf05fd282e116c89ca50f383c96afbff0b350b88612de63a11f272
SHA512: d57891951cc18ff27315649554f63b1a24be57dc5da5dc1584272fa1a283039df0f82c0157c9768c2630451c5a18524e925f7b207c0084ec1e95e88d3003c51f
Static task: static1
Behavioral task: behavioral1
Sample: Po129834589.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Po129834589.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
Family: agenttesla
Protocol: smtp
Host: mail.mytravelexplorer.com
Port: 587
Username: [email protected]
Password: $g=!lt#SakbA
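The extracted config is the attacker's exfiltration mailbox: the stealer logs into that SMTP account and mails the harvested data to itself. The following is an added example, not part of the sandbox report, showing how a responder can recover SMTP AUTH credentials from a captured submission session and match them against this config. The transcript is constructed, and the username is a placeholder because the report redacts it; note that Agent Tesla normally submits over STARTTLS on port 587, so the AUTH exchange is only readable if TLS is absent or the capture was decrypted at a proxy, while the DNS lookup for mail.mytravelexplorer.com and the TCP connection to port 587 are visible either way.

```python
import base64
import binascii
from typing import List, Optional, Tuple

# Exfiltration settings from the extracted config above.  The username is a
# placeholder: the report shows it redacted as "[email protected]".
EXTRACTED_CONFIG = {
    "protocol": "smtp",
    "host": "mail.mytravelexplorer.com",
    "port": 587,
    "username": "stealer@example.invalid",  # placeholder, not from the report
    "password": "$g=!lt#SakbA",
}


def b64(text: str) -> str:
    """Base64-encode a string the way an SMTP client does for AUTH."""
    return base64.b64encode(text.encode("utf-8")).decode("ascii")


def _b64decode(blob: str) -> Optional[bytes]:
    """Strict base64 decode; None for anything that is not valid base64."""
    try:
        return base64.b64decode(blob, validate=True)
    except binascii.Error:
        return None


def decode_auth_plain(blob: str) -> Optional[Tuple[str, str]]:
    """AUTH PLAIN carries base64(authzid NUL authcid NUL passwd) (RFC 4616)."""
    raw = _b64decode(blob)
    if raw is None:
        return None
    parts = raw.split(b"\x00")
    if len(parts) != 3:
        return None
    return parts[1].decode("utf-8", "replace"), parts[2].decode("utf-8", "replace")


def extract_credentials(session: str) -> List[Tuple[str, str, str]]:
    """Walk a 'C: ...' / 'S: ...' SMTP transcript and return every
    (mechanism, username, password) the client presented."""
    client = [ln[3:].rstrip("\r") for ln in session.splitlines() if ln.startswith("C: ")]
    found = []
    i = 0
    while i < len(client):
        words = client[i].split()
        if len(words) >= 2 and words[0].upper() == "AUTH":
            mech = words[1].upper()
            if mech == "PLAIN":
                # The initial response is either inline or on the next client line.
                inline = len(words) > 2
                blob = words[2] if inline else (client[i + 1] if i + 1 < len(client) else "")
                creds = decode_auth_plain(blob)
                if creds:
                    found.append(("PLAIN", creds[0], creds[1]))
                i += 1 if inline else 2
                continue
            if mech == "LOGIN":
                # Server prompts "334 VXNlcm5hbWU6" / "334 UGFzc3dvcmQ6"; the client
                # answers each with a base64 line (username may be inline).
                pieces = [words[2]] if len(words) > 2 else []
                j = i + 1
                while len(pieces) < 2 and j < len(client):
                    pieces.append(client[j])
                    j += 1
                decoded = [_b64decode(p) for p in pieces]
                if len(decoded) == 2 and all(d is not None for d in decoded):
                    found.append(("LOGIN",
                                  decoded[0].decode("utf-8", "replace"),
                                  decoded[1].decode("utf-8", "replace")))
                i = j
                continue
        i += 1
    return found


def matches_config(creds: List[Tuple[str, str, str]], config: dict) -> bool:
    """True when any presented credential pair equals the extracted config."""
    return any(u == config["username"] and p == config["password"] for _, u, p in creds)


# Constructed transcript (not a real capture): what the stealer's submission
# would look like if the AUTH exchange were visible in plaintext.
SAMPLE_SESSION = "\n".join([
    "S: 220 mail.mytravelexplorer.com ESMTP ready",
    "C: EHLO DESKTOP-PC",
    "S: 250-mail.mytravelexplorer.com",
    "S: 250 AUTH LOGIN PLAIN",
    "C: AUTH LOGIN",
    "S: 334 " + b64("Username:"),
    "C: " + b64(EXTRACTED_CONFIG["username"]),
    "S: 334 " + b64("Password:"),
    "C: " + b64(EXTRACTED_CONFIG["password"]),
    "S: 235 2.7.0 Authentication successful",
    "C: MAIL FROM:<" + EXTRACTED_CONFIG["username"] + ">",
])

if __name__ == "__main__":
    creds = extract_credentials(SAMPLE_SESSION)
    print(creds, matches_config(creds, EXTRACTED_CONFIG))
```

The same config also gives the two indicators that survive TLS: a DNS query for the host and an outbound connection to it on 587 from a process that has no business sending mail, which is what to hunt for in proxy and firewall logs.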
Targets
Target: Po129834589.exe
Size: 743KB
MD5: 7f90e73a8d12d33684f6d254c3d84ea6
SHA1: 3ebaacc513549648b86fa343adbfb1cb53d60144
SHA256: 5cc60b79a462acba33bafc299e15f4b0e8f75a96944f2dd3dd0836cb305bd889
SHA512: aa0faa674be25e8c1392d09c8409a61a310208adb7f33f03eecac6e326b4bd3137b866fed7cbd087292308e470088dc5279d484107aefac2bf5ae7ea079adbae
AgentTesla
Agent Tesla is a .NET-based information stealer and remote access tool (RAT); early builds were written in Visual Basic .NET. It harvests saved credentials from browsers and mail clients and sends them out over SMTP, FTP or HTTP, here through the SMTP account in the extracted config.

AgentTesla Payload
The AgentTesla payload was identified in the sample.

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check so the stealer can avoid running in certain regions.

Accesses Microsoft Outlook profiles
Reads the Outlook profile data kept in the registry, where saved mail account settings live; this is consistent with the mail-client credential harvesting the family is known for.

Suspicious use of SetThreadContext
Rewriting another thread's context is the step in process hollowing (RunPE) where the injected payload's entry point is set in a suspended host process before that process is resumed.
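The three behavioural signatures above are easy to reproduce from endpoint telemetry. The following is an added example, not code from the sandbox or from the report: it evaluates constructed Sysmon-style registry and API events for the location lookup, the Outlook profile access and the SetThreadContext hollowing chain. The report does not say which registry keys its signatures key on, so the Geo\Nation value (where Windows stores the configured GeoID) and the two Outlook profile paths are assumptions, as is the event schema.

```python
import re
from collections import defaultdict
from typing import Dict, List, Set

# Registry paths the stealer touches.  HKCU\Control Panel\International\Geo\Nation
# holds the configured country GeoID; Outlook keeps account profiles under the
# Office version key or the Windows Messaging Subsystem key.  Assumed, not from
# the report.
GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)
OUTLOOK_PROFILE_KEY = re.compile(
    r"\\Software\\Microsoft\\(Office\\\d+\.\d+\\Outlook\\Profiles"
    r"|Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles)", re.I)

CREATE_SUSPENDED = 0x00000004
# Ordered call chain of a RunPE / process-hollowing injection that ends in
# SetThreadContext: spawn suspended, overwrite the image, redirect the thread,
# let it run.
HOLLOW_CHAIN = ["CreateProcess", "WriteProcessMemory", "SetThreadContext", "ResumeThread"]


def registry_signatures(events: List[dict]) -> Set[str]:
    """Map registry events onto the two registry-based signatures."""
    hits = set()
    for ev in events:
        if ev.get("type") != "registry":
            continue
        path = ev["path"]
        if GEO_KEY.search(path):
            hits.add("checks_computer_location")
        if OUTLOOK_PROFILE_KEY.search(path):
            hits.add("accesses_outlook_profiles")
    return hits


def hollowing_targets(events: List[dict]) -> List[int]:
    """Return target pids for which a source process completed the whole
    suspended-create -> write -> SetThreadContext -> ResumeThread chain."""
    progress = defaultdict(int)  # (src_pid, target_pid) -> next expected stage
    found = []
    for ev in events:
        if ev.get("type") != "api":
            continue
        key = (ev["pid"], ev["target_pid"])
        call = ev["call"].rstrip("AW")  # fold CreateProcessA/W onto CreateProcess
        stage = progress[key]
        if stage < len(HOLLOW_CHAIN) and call == HOLLOW_CHAIN[stage]:
            if call == "CreateProcess" and not (ev.get("flags", 0) & CREATE_SUSPENDED):
                continue  # a normal spawn does not start the chain
            progress[key] = stage + 1
            if progress[key] == len(HOLLOW_CHAIN):
                found.append(ev["target_pid"])
    return found


def triage(events: List[dict]) -> Dict[str, object]:
    """Summarise which of the report's signatures fire on an event stream."""
    return {
        "signatures": sorted(registry_signatures(events)),
        "hollowed_pids": hollowing_targets(events),
    }


# Constructed event stream (not real telemetry) modelled on what the
# behavioural tasks above would record for pid 1000.
SAMPLE_EVENTS = [
    {"type": "registry", "pid": 1000, "path": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "registry", "pid": 1000, "path": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"},
    {"type": "registry", "pid": 1000, "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"},
    {"type": "api", "pid": 1000, "target_pid": 1200, "call": "CreateProcessW", "flags": CREATE_SUSPENDED},
    {"type": "api", "pid": 1000, "target_pid": 1200, "call": "WriteProcessMemory"},
    {"type": "api", "pid": 1000, "target_pid": 1200, "call": "SetThreadContext"},
    {"type": "api", "pid": 1000, "target_pid": 1200, "call": "ResumeThread"},
    # Benign control: an ordinary spawn followed by ResumeThread, no context rewrite.
    {"type": "api", "pid": 1000, "target_pid": 1300, "call": "CreateProcessW", "flags": 0},
    {"type": "api", "pid": 1000, "target_pid": 1300, "call": "ResumeThread"},
]

if __name__ == "__main__":
    print(triage(SAMPLE_EVENTS))
```

Requiring the full ordered chain per (source, target) pair is what keeps the SetThreadContext rule from firing on debuggers and legitimate suspended launches; on a real host the same logic runs over Sysmon event IDs 1, 8, 10, 12 and 13 rather than the constructed dicts here.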