General
-
Target
2207b165b5917ab5da3c423a0bd875e06dc5509ed52ad5405304280866979538
-
Size
303KB
-
Sample
220520-2mcpqafeh7
-
MD5
29b72d84ec0ee7b68e2438073cbfb815
-
SHA1
882f55510080c6737a4e739b4f288a8597e92e8d
-
SHA256
2207b165b5917ab5da3c423a0bd875e06dc5509ed52ad5405304280866979538
-
SHA512
43bacca8c6c9d41bda602618672997625c8402d8a8e6cc0f0f279f8dad61f00cc65430f8b103882fa6ec08272bcff1d7e9bb707f07b44ad7985eb0ee13d0de82
Static task
static1
Behavioral task
behavioral1
Sample
nova narud?ba.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
nova narud?ba.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
[email protected] - Password:
chosen@@@123
Targets
-
-
Target
nova narud?ba.exe
-
Size
321KB
-
MD5
a35772d14e29eff85dcd2d5fc74ab08c
-
SHA1
b1b5f8f29619273be7e5ea1fc360bd5634f8fb13
-
SHA256
6ce07f9854b3d9f983265569f34a640a9f274c1bfd30fcba4b6bb64c957ecc54
-
SHA512
24a531f25744ce69269fec48b13337c3711f65d16b989369780cfe609a25cbce86c6a9d8df5b678c0688ad62a7d6ca2dc61c66865f2c44dce85a89da5d2db46e
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-