General
-
Target
2b93010d8ffe7a78db81236713f060996b1011e39a7d3af7bd66720a411042c8
-
Size
630KB
-
Sample
220520-2lkzpsfef2
-
MD5
eee335b248fa12053daf03191ec0cc40
-
SHA1
0f5abd0babf884a589fc4820ace5bcdd14ce3182
-
SHA256
2b93010d8ffe7a78db81236713f060996b1011e39a7d3af7bd66720a411042c8
-
SHA512
7c482d71adeb14f2a08d2a9600b1c179c11362471b8fd35fba2267b2e58a48711038f89cb9b012c2d091b28861d6f4d6676a3f5db106704f8e30441358d560ce
Static task
static1
Behavioral task
behavioral1
Sample
Notification.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Notification.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.imp-powers.com - Port:
587 - Username:
[email protected] - Password:
AHZlkhbJ1
Targets
-
-
Target
Notification.exe
-
Size
658KB
-
MD5
47e8d6bd8436211d173515806ba8baed
-
SHA1
a211c296e7377578045efd143a5ca4ad9dca812b
-
SHA256
50946bb2be1a9fb71dfd068710893588bfcbeacdf2cde3e0270c2f6487594a99
-
SHA512
7695b75bdd005a39dd0a3414eeb368149d8672d9444f6f55d33a8764d5b800eae5a63eba1c67660d906966afe49cb843843961e160837ef535b062235a469c87
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-