General
Target: 29715112a7782bb7c99eb899a16b57a7f07dda24cba607aaf5dd28466a541ffd
Size: 652KB
Sample: 220520-2lrggsafbq
MD5: 4eb06088e1280bc0fc171c082409367b
SHA1: a93486abf212ab63efe630f2f20d91839463968d
SHA256: 29715112a7782bb7c99eb899a16b57a7f07dda24cba607aaf5dd28466a541ffd
SHA512: 7052e4cc0b33e4a9624aa53e1a3b997937dea227a828a5cbd621c6f284ccff6dc28ebc6b4a5a77c72c72db73f54db77ca5e0ff7271cc0c370075e126c3452494
Static task: static1
Behavioral task: behavioral1
Sample: EST PDA MV. TBN CALL TO CIWANDAN.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: EST PDA MV. TBN CALL TO CIWANDAN.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.wasaka-shippinq.com
Port: 587
Username: [email protected]
Password: 0pzZqCz8!+%u
Targets
Target: EST PDA MV. TBN CALL TO CIWANDAN.exe
Size: 783KB
MD5: 4ef647613fe0cc757fe535d46a4763d7
SHA1: 868774d67042162ea7539715f8cee34bd41eb4da
SHA256: 37677fa0c9255eb7368ce3d54a42e2b3e23eff33c6e2008406d9f32a71b565b8
SHA512: d021f6c9843a64ed759a120c1e0403d7d3b1e62b0c7d59f6af235ccd02d4b7393b33cfc944f69bc9c9d569069ad9bfc18cdeab8fd07179dba4febe1641a3866c
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Drops file in Drivers directory
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext