General
Target: doc2022052000010030010101.exe
Size: 24KB
Sample: 220520-28jedsbddq
MD5: 494e6c34de631134bff5a01092583701
SHA1: 56cda18a9b4dccf0fec27aa5ff208f12e7ff8d5a
SHA256: 11d62aa2e8c63691f11d88d485213cfaa82b48af8c505e7232beb9f2e5fc2f6a
SHA512: ad32e62388246ed088d27a03a83e26de0ca9382209322ab47024ff8b42da24165d1a43941c7ac7a6be4563efedf3a147c787f128ea12f03f88b1c54324371b71
Static task: static1
Behavioral task: behavioral1 (Sample: doc2022052000010030010101.exe; Resource: win7-20220414-en)
Behavioral task: behavioral2 (Sample: doc2022052000010030010101.exe; Resource: win10v2004-20220414-en)
Malware Config
Extracted: agenttesla
https://api.telegram.org/bot5310370668:AAEdB2nfvvFj53YoaxJ-AleA2m93WUxxyM0/sendDocument
Targets
Target: doc2022052000010030010101.exe
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
Accesses Microsoft Outlook profiles
Adds Run key to start application
Suspicious use of SetThreadContext