General
- Target: 28abe2e608e6db2afe1d7c1a68d03a1ffc730e4ee859e8000bb9361419c84640
- Size: 632KB
- Sample: 220520-2ltlvaafcj
- MD5: 831fc8689a175a256832d5d161d468ed
- SHA1: 831764607417b145174c0c711352cabc1be84fd1
- SHA256: 28abe2e608e6db2afe1d7c1a68d03a1ffc730e4ee859e8000bb9361419c84640
- SHA512: f33a55e00892f0b788f06c99dac9dd161eb4db82dd64b89011746852b3de6aed8ae13027f015eaa7fa9c36821833d239e60084057e5db091e72cc314697fbf81
Static task: static1
Behavioral task: behavioral1
- Sample: DRAFT BL.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: DRAFT BL.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: us2.smtp.mailhostbox.com
- Port: 587
- Username: [email protected]
- Password: KYibdbJ9
Targets
- Target: DRAFT BL.exe
- Size: 571KB
- MD5: fd0b80bab5473db3cc964b27e8a817e3
- SHA1: 4491d2e9d95c84e93a77d68c1ffd43d08ab342c2
- SHA256: 460a1e3acbde201bf39a076cc672dc052368cf55343fcbc6ad2a10ffb6fb3215
- SHA512: deb82901f97b59e7f09bb93ec6305f587cba34eea855f9036524ab62be9a8a88110bb06b03002c32ab9ef5b133e05bca851523b130026aea594998fad679d71d
Signatures
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely as a geofence check.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext