General
Target: 402a82f143a0530788615e0a662ec3d4fc8679a7107abdde0c6fb8a133b220d3
Size: 633KB
Sample: 220520-2j4c9sfdh6
MD5: 98a15c8dcd1bf39fcc076d88daf44992
SHA1: e23038ea4f10602def952a7b0505d343780d26e3
SHA256: 402a82f143a0530788615e0a662ec3d4fc8679a7107abdde0c6fb8a133b220d3
SHA512: a1de44ccdf584d84243c936451e9d0b7fdfeed64d008f64d3b1b964d5f89c9669246d74505f9b104503f2d5c38ca49939bb1cc78aa33382f42cfe86853744217
Static task: static1
Behavioral task: behavioral1
  Sample: Pagamento INV.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Pagamento INV.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: [email protected]
Password: vikash12345
Targets
Target: Pagamento INV.exe
Size: 661KB
MD5: 7f0c1a8e0abb6ddfd6488e1062256844
SHA1: 5c038239c533d9b6151ee1c46872de37389094b6
SHA256: 32e87ba877bda7e78b9d5c772d7e5a420c375db21b48a0de7275b5311f58aa92
SHA512: 512fe65740126b56e75abb3bfb09a42e21aa90357898a08476126b25e9200db1b082c0dd5e6cf8a08f2b2676c140b52ddcbe900ade6fee46c9cf2912ca83adf1
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings: looks up the country code configured in the registry, likely for geofencing.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext