General
Target: 74518695776885d991a17706e4c2299b9e8cc8ea5b696705ee6c7f134a229532
Size: 590KB
Sample: 220520-2e5ersadal
MD5: f17fa45f8431740a7008007a7ac17a91
SHA1: b70e33e6722c385faf061c123957883915a83c60
SHA256: 74518695776885d991a17706e4c2299b9e8cc8ea5b696705ee6c7f134a229532
SHA512: 74dc4693c08475357fef0721f7b3d89287ea4321fd1e7ce52a43254cdf761261bbfd522bbd541408156f1d455830ea44d29f87a99bf713236d223b7d3f6b48df
Static task: static1
Behavioral task: behavioral1
Sample: HC.CLOVER.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: HC.CLOVER.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.ritac-eg.com
Port: 587
Username: [email protected]
Password: YM%dNtj2
Targets
Target: HC.CLOVER.exe
Size: 668KB
MD5: 6b65a861903570a025237153f6129aec
SHA1: 5bcb467b92684cb93f7fa646a7f28c723078401b
SHA256: 30ab1b464bd5881b5f8785ec2fa28fe1fd9a7d7430adf54445ef9bc1febafd46
SHA512: 8b7860c36ba3aed9fb41342962a3cf949a2f9ae8de060ad2f7176aefde2f3b86a5dd2721962992148247cddc9545959334eef1493f28542f56cf7911084627e4
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext