General
Target: 4d80bfab94e0ea8e1c5b8b94e5e4acf38596c01bd869a4a890fddfb3fcb046b9
Size: 459KB
Sample: 220520-29xy6sbdgm
MD5: bb26b5a2b00e7a946acbfc2694f93b74
SHA1: 6034c7fe06781050be097c3f10bf4e364060ae8c
SHA256: 4d80bfab94e0ea8e1c5b8b94e5e4acf38596c01bd869a4a890fddfb3fcb046b9
SHA512: bb7c7ec0a7757df622fd583880508b427fd85a3e91df97a9ed8f7c805eab7848eb53f67900f7b56602f93fd33a83df9e60b5f2ec8f85bbc0e85ecc316a3ba8ca
Static task: static1
Behavioral task: behavioral1
  Sample: J6NLUnAQN1LMjkH.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: J6NLUnAQN1LMjkH.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: smtp.yandex.ru
  Port: 587
  Username: [email protected]
  Password: emmanuelmentor
Targets
Target: J6NLUnAQN1LMjkH.exe
Size: 500KB
MD5: 241387d95cea5198a87f85023de031fc
SHA1: 2a2038cd20cfb2acb55bf0fb92ded52ba192b071
SHA256: a7f24f863c3e86db31552f6c91365ae54b272594ee446a5a8ab658ac42a26eae
SHA512: a03de62ca3bca0d6540e530ef6572cd330caeb9919cc7704f23bdc4f81bd94e556cc2afa2435f52e66958886057158530b279facde2a222cc51725e73bcec685
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext