General
- Target: a79ec100c7ba4df9ecba5aa57f0e62ba2712687b1cc7fae30f795184b63c58ba
- Size: 341KB
- Sample: 220520-29b2psbdeq
- MD5: 0059f43909e0cc3b6f684d9eb7ab2b9c
- SHA1: 05c27989ea1484bd9c5388ee7aa1c9ba86189483
- SHA256: a79ec100c7ba4df9ecba5aa57f0e62ba2712687b1cc7fae30f795184b63c58ba
- SHA512: 72841022d6e3e63f3985526f025e639def8f2d3cffd57cb7fd984b34cc242519cbf1288f99c86502e3f28c82f8ff853d76041a8b88daa4b6a5c1ec8011d042bc
Static task: static1
Behavioral task: behavioral1
- Sample: Due Invoice.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: Due Invoice.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.yandex.ru
- Port: 587
- Username: [email protected]
- Password: bigboy5570@@@@
Targets
- Target: Due Invoice.exe
- Size: 410KB
- MD5: 84dc340e56d31e9da2e04d9cff00c89f
- SHA1: ee3590a44a19694e1f30efba34fc8e6c393620ff
- SHA256: a17438d009e8a6e90b846941faaeaecd1a71951f97d4b8aa312ad1b2b7a420b2
- SHA512: a2976b236827c9dbc1a05ff653cb1ce3bdf227e4848d4462b83f45fbc0dcf5d238a5da1c86b0023ed9f946e65998cb4eb274ba64e886e1b80d5401d4f952034f
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext