General
-
Target
2d4ab4633e5146174ae65cb1c14ffb8e4e2c104ef6607756366e38c29c8d344d
-
Size
640KB
-
Sample
220520-2lcy4afee3
-
MD5
378d68b9b53c6b58d4a2be2edf67ac0f
-
SHA1
e19ca201682f9cb361ff1a55a1e0c0b699a69f69
-
SHA256
2d4ab4633e5146174ae65cb1c14ffb8e4e2c104ef6607756366e38c29c8d344d
-
SHA512
a16f5ed7478c102a49fc8650cd5de6e4dffc154ae0eba342e27710b83dd5936f276cd5200e0a2ea93a5e4a7743efe8d1447daa3a060435b9e6a1009d2b78d3fe
Static task
static1
Behavioral task
behavioral1
Sample
2020819 MCHPLT.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
2020819 MCHPLT.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.hybridgroupco.com
Port: 587
Username: [email protected]
Password: Obinna123@@@
Targets
-
Target
2020819 MCHPLT.exe
-
Size
715KB
-
MD5
434bad3dddf2e21f14a918e7c52a00cd
-
SHA1
60f13b562b9768f85aed3f8510e3f8b906c2268b
-
SHA256
b745f8bc7dd3ee96edc308bcfbe51d0807a32a31be0a99b56a847d9df84cc200
-
SHA512
54e481ddd31cbccde5a6085523270c05dee2f90a0b00ca8e7b95b0c587ad69d4f154a05bad6b033126e64b129e670131e8483de4b9ee5c11dea4e48fa3be7d44
-
AgentTesla
Agent Tesla is a remote access tool (RAT) and information stealer written in Visual Basic (.NET); this sample is configured to send harvested data over SMTP to the mail server in the extracted config.
-
AgentTesla Payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext (redirecting a thread's execution; commonly seen when code is injected into or hollowed out of another process)
-
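The extracted SMTP config and the payload hashes above are the actionable parts of this report. The following is an added example, not sandbox or Agent Tesla code: it parses the config exactly as the report renders it (the elided username is kept as the placeholder shown on the page), turns the payload hashes into a lookup, and sweeps a few constructed egress-firewall lines for hosts that reached the exfil mail server on its port. The log format and the IP addresses are assumptions for the example.

```python
"""Turn the Agent Tesla SMTP exfil config from this report into IOCs and
sweep constructed log lines for matches. Added example, not sandbox code."""
import re
from dataclasses import dataclass

# Config block as rendered on the page. The username is elided on the page
# ("[email protected]") and is kept as that placeholder, not reconstructed.
RAW_CONFIG = """Protocol: smtp- Host:
mail.hybridgroupco.com - Port:
587 - Username:
[email protected] - Password:
Obinna123@@@"""

# Hashes of the dropped payload, copied from the Targets section of the report.
PAYLOAD_HASHES = {
    "md5": "434bad3dddf2e21f14a918e7c52a00cd",
    "sha1": "60f13b562b9768f85aed3f8510e3f8b906c2268b",
    "sha256": "b745f8bc7dd3ee96edc308bcfbe51d0807a32a31be0a99b56a847d9df84cc200",
}


@dataclass(frozen=True)
class ExfilConfig:
    protocol: str
    host: str
    port: int
    username: str
    password: str


def parse_config(raw: str) -> ExfilConfig:
    """Parse the flattened 'Key: value - Key: value' rendering of the config."""
    flat = " ".join(line.strip() for line in raw.splitlines())
    # Split on a '-' separator only when it is immediately followed by a key,
    # so dashes inside values (hosts, passwords) are left alone.
    pairs = re.split(r"\s*-\s*(?=[A-Za-z]+:)", flat)
    fields = {}
    for pair in pairs:
        key, _, value = pair.partition(":")
        fields[key.strip().lower()] = value.strip()
    return ExfilConfig(
        protocol=fields["protocol"],
        host=fields["host"],
        port=int(fields["port"]),
        username=fields["username"],
        password=fields["password"],
    )


# Constructed egress-firewall lines (key=value form, assumed format);
# nothing in these lines comes from the report.
FIREWALL_LOG = [
    "2022-05-20T11:58:02Z action=allow src=10.0.0.14 dst_host=updates.example.org dst_port=443 proto=tcp",
    "2022-05-20T12:01:03Z action=allow src=10.0.0.14 dst_host=mail.hybridgroupco.com dst_port=587 proto=tcp",
    "2022-05-20T12:01:09Z action=allow src=10.0.0.27 dst_host=mail.hybridgroupco.com dst_port=443 proto=tcp",
    "2022-05-20T12:03:44Z action=deny src=10.0.0.31 dst_host=mail.hybridgroupco.com dst_port=587 proto=tcp",
]


def parse_kv_line(line: str) -> dict:
    """Split '<timestamp> k=v k=v ...' into a dict; the timestamp goes under 'ts'."""
    ts, _, rest = line.partition(" ")
    fields = dict(token.split("=", 1) for token in rest.split())
    fields["ts"] = ts
    return fields


def find_exfil_attempts(cfg: ExfilConfig, lines) -> list:
    """Return (ts, src, action) for connections to the exfil server on its port.

    A denied connection is still an attempt: the source host is compromised
    even if the egress filter blocked the upload, so it is reported too.
    """
    hits = []
    for line in lines:
        f = parse_kv_line(line)
        same_host = f.get("dst_host", "").lower() == cfg.host.lower()
        if same_host and int(f.get("dst_port", 0)) == cfg.port:
            hits.append((f["ts"], f["src"], f["action"]))
    return hits


def matches_payload(observed: dict) -> bool:
    """True if any observed hash (md5/sha1/sha256, any case) equals the payload's."""
    return any(
        observed.get(alg, "").lower() == val for alg, val in PAYLOAD_HASHES.items()
    )


if __name__ == "__main__":
    cfg = parse_config(RAW_CONFIG)
    print(f"exfil: {cfg.protocol}://{cfg.host}:{cfg.port}")
    for ts, src, action in find_exfil_attempts(cfg, FIREWALL_LOG):
        print(f"{ts} {src} -> {cfg.host}:{cfg.port} ({action})")
```

Port 443 traffic to the same mail host is deliberately not flagged: the config names port 587, and a webmail visit to a legitimate but abused provider is a different signal from the malware's submission channel. Block the host at egress and rotate any mailbox credential the stealer could have read (Outlook profiles are among the artifacts this sample touches).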