General
Target: 4b3a9c485b55307538cfd0cbfe541f020324952638b9cbf495be7c9d1660d5e7
Size: 588KB
Sample: 220520-2h56gafdd5
MD5: e4179a1fb0b0caedbaaf44c71e78fc78
SHA1: 4c43c387924025eeb9752531a7cb3fb0c835610f
SHA256: 4b3a9c485b55307538cfd0cbfe541f020324952638b9cbf495be7c9d1660d5e7
SHA512: 5420a347609d42089a42a058d577e0d29482fdb7d70e4b2bd474c0f1737511e9f0347e0a9d00aa4e6ff9fff4ae58c94fd5a016800dfa4599eb67d6d4e5059591
Static task: static1
Behavioral task: behavioral1
Sample: Images.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Images.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.dicera.com
Port: 587
Username: [email protected]
Password: 796147
The account above is the operator's exfiltration mailbox, not a victim account: stolen credentials are mailed to it over SMTP submission on TCP 587. The host, port and username are the network indicators to hunt for, in particular outbound 587 traffic from a process that is not a mail client.
Targets
Target: Images.exe
Size: 804KB
MD5: a4e259de56ca50059f7f23b788d50f0b
SHA1: e1368e3a6882ffe538563abb5fe8d043cf44cd8e
SHA256: 9297d40e8a55c2bb0d833d2210859dbe1a3486503f47781ac46cbb96d842407d
SHA512: 660bcf708d9e4c52bc3a28b8de51620884fbd0d0203f0ec4b8e3bbdaf9e21b9f737f207380d0f41eea69f0798bb43035e9d3d95b0b5c674868d8f95b97aba667
AgentTesla
Agent Tesla is a remote access tool (RAT) and information stealer written in Visual Basic (.NET).
AgentTesla Payload
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check (the sample can abort or change behaviour depending on the victim's locale).
Accesses Microsoft Outlook profiles
Reads stored mail account settings from the Outlook profile registry keys, consistent with credential theft.
Suspicious use of SetThreadContext
SetThreadContext on a thread of another process is the usual final step of process hollowing: a child is created suspended, its image is replaced, the thread context is pointed at the injected code and the thread is resumed.
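The three behavioural signatures above can be replayed offline against an API/registry trace. The following is an added editor example, not Triage's signature engine and not code from the sample: the trace format ("<pid> <api> <args...>", with child and target pids spelled out), the registry key fragments and the API names checked are assumptions, and the trace itself is constructed rather than taken from this run. It shows why a bare SetThreadContext call is not enough: the signature only fires when the same caller created the target suspended, wrote into it and resumed it.

```python
"""Replay the report's three Agent Tesla signatures against a constructed
API/registry trace.  Editor-written illustration; the trace layout, key
fragments and API lists are assumptions, not Triage's own rules."""
import re
from collections import defaultdict

# Constructed trace, not from the sandbox run.  Hypothetical layout:
# "<pid> <api> <args...>"; child/target pids are written out explicitly.
SAMPLE_TRACE = r"""
1234 RegOpenKeyExW HKCU\Control Panel\International
1234 RegQueryValueExW HKCU\Control Panel\International sCountry
1234 RegQueryValueExW HKCU\Control Panel\International\Geo Nation
1234 RegOpenKeyExW HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook
1234 CreateProcessW C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe CREATE_SUSPENDED child=4444
1234 NtUnmapViewOfSection target=4444
1234 WriteProcessMemory target=4444
1234 SetThreadContext target=4444
1234 NtResumeThread target=4444
5678 RegQueryValueExW HKCU\Control Panel\International sCountry
5678 SetThreadContext target=5678
"""

TRACE_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<api>\w+)\s*(?P<args>.*)$")

# Assumed key fragments, matched as lower-cased substrings of the registry path.
COUNTRY_KEYS = (r"control panel\international",)
OUTLOOK_PROFILE_KEYS = (r"\outlook\profiles", r"windows messaging subsystem\profiles")

SIG_GEO = "Checks computer location settings"
SIG_OUTLOOK = "Accesses Microsoft Outlook profiles"
SIG_STC = "Suspicious use of SetThreadContext"


def parse_trace(text):
    """Turn the constructed trace into (pid, api, args) tuples; blank lines are skipped."""
    events = []
    for line in text.splitlines():
        m = TRACE_RE.match(line.strip())
        if m:
            events.append((int(m["pid"]), m["api"], m["args"]))
    return events


def is_hollowing(calls):
    """True when a process this caller created CREATE_SUSPENDED is later written to,
    has its thread context replaced and is resumed.  SetThreadContext on the
    caller's own threads, or without the preceding steps, does not match."""
    stages = (("WriteProcessMemory",), ("SetThreadContext",), ("NtResumeThread", "ResumeThread"))
    for i, (api, args) in enumerate(calls):
        if api != "CreateProcessW" or "CREATE_SUSPENDED" not in args:
            continue
        m = re.search(r"child=(\d+)", args)
        if not m:
            continue
        target = "target=" + m.group(1)
        stage = 0
        for later_api, later_args in calls[i + 1:]:
            if later_api in stages[stage] and target in later_args.split():
                stage += 1
                if stage == len(stages):
                    return True
    return False


def match_signatures(events):
    """Map pid -> set of signature names that fired for that process."""
    hits = defaultdict(set)
    per_pid = defaultdict(list)
    for pid, api, args in events:
        per_pid[pid].append((api, args))
        if api.startswith("Reg"):
            low = args.lower()
            if any(k in low for k in COUNTRY_KEYS):
                hits[pid].add(SIG_GEO)
            if any(k in low for k in OUTLOOK_PROFILE_KEYS):
                hits[pid].add(SIG_OUTLOOK)
    for pid, calls in per_pid.items():
        if is_hollowing(calls):
            hits[pid].add(SIG_STC)
    return dict(hits)


def triage(text):
    """Parse a trace and return the per-process signature hits."""
    return match_signatures(parse_trace(text))


if __name__ == "__main__":
    for pid, sigs in sorted(triage(SAMPLE_TRACE).items()):
        print(pid, sorted(sigs))
```

In the constructed trace pid 1234 trips all three signatures, while pid 5678 only trips the geofence check: its SetThreadContext targets its own thread and is not preceded by a suspended process create, so it stays below the hollowing threshold.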