General
Target: a8954e0e9bbcba4e8aaf123b30d5ac875a8f6735988a9b5fd98e91a83b997b2f
Size: 548KB
Sample: 220520-2bk7qafae3
MD5: f74a4294b7bf57030f8969e4f5f9b326
SHA1: 73db5a4f282f4b13aa7811cf6a88bf0c55bdcf60
SHA256: a8954e0e9bbcba4e8aaf123b30d5ac875a8f6735988a9b5fd98e91a83b997b2f
SHA512: a3e6d52842cf889fdae861862b9848e3974454e704627fee3b127cf8bee2e947cd6302fa08d7ffa40b41ec55e56f8ba3298cc75257dc653b2294ec28633502bb
Static task: static1
Behavioral task: behavioral1
  Sample: PO#200513DCC025R-1.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: PO#200513DCC025R-1.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.daiphatfood.com.vn
Port: 587
Username: [email protected]
Password: jn&6kG~_w;;A
Targets
Target: PO#200513DCC025R-1.exe
Size: 818KB
MD5: 8c6804dfc7687bddaf345be3fe9bb1e8
SHA1: 5c5497178a0df1d3889b8484610aeeb267aa480e
SHA256: b925f4f11ff1dbf71b77029f2fac8c760dbca123c9a3225ba29057b177e290d6
SHA512: 097974d106f748420529971c6159f64e00c8eba4820da3697b858f48aadfac811b06c7d0b26a600f69fc889e17eb296ba56680c0c1ebed45d2116f425059a260
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext