General
Target: 8f756a0647aa0f1421ac081da6c16883c38c18008c96f50cd3a3545dd71af02c
Size: 1.2MB
Sample: 220520-2da5jafbc5
MD5: 876ddbfc2e4be0d037a4813c0dc1ef2c
SHA1: 089bcdd9ad286f48d5b0a20948f6dda0ffc4dd64
SHA256: 8f756a0647aa0f1421ac081da6c16883c38c18008c96f50cd3a3545dd71af02c
SHA512: 2c387e7205c8a0b09a15ad610ed2b78f5d03f5314ff10f812bef4db3a8b08066b735dd4a1a10bfef99b6c645f11bae29c99762906300dddf2a877f8cc630dab1
Static task: static1
Behavioral task: behavioral1
Sample: DRAFT_BL.scr
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: DRAFT_BL.scr
Resource: win10v2004-20220414-en
Malware Config
Extracted
Family: agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: 333link00win
Targets
Target: DRAFT_BL.SCR
Size: 671KB
MD5: 04c8a416d116d67e72ab3913081d58c1
SHA1: 47e52d3689f4ecd6be15ca46fcb2f2ef6c0885c3
SHA256: 62fcdae1698a3257838b23279dfb2706ed7eb727cbe24e89ab2445565d45de04
SHA512: fb82d5cbbd277e74591e023ed3be0882c527d8224f152154801ac1aeaac6a0171510b88f602fde1c64ac9fd21e0b3682da68966fee0b3acc03694c0322d360ff
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext