General
Target: 13b9a5dbbc245d4e2b2e9f1c08a9e35af0d242e34bd82bfb64371474d315ed5b
Size: 353KB
Sample: 220520-2qzzesfgg5
MD5: fbb2923a24148f0a395fca61e72815b7
SHA1: 5fa894c0987d08eb2e34bf02eb65734990c38827
SHA256: 13b9a5dbbc245d4e2b2e9f1c08a9e35af0d242e34bd82bfb64371474d315ed5b
SHA512: 95f9d53024f160f1d6c873665fd72a4dade9257598c87e86cead1a8e9989c236227bef867b26a953d23aac353090b56630dfe86e555c89bbf734164f808a8cbe
Static task: static1
Behavioral task: behavioral1
  Sample: Remit.Advice.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Remit.Advice.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted (agenttesla)
  Protocol: smtp
  Host: mail.itdone.cz
  Port: 587
  Username: [email protected]
  Password: viObavejMa
Targets
Target: Remit.Advice.exe
Size: 406KB
MD5: eee0330f850eeb8d07aeb8e180afc051
SHA1: 0a64e31ae85096b82c8d36b497eb1fab9bc8fc10
SHA256: cdebb39b2a4f203a8c0be1ce06cbeed1396321d8871d3cc46d4c6639ae7d25a2
SHA512: 66a0fc4a1eefb21a31297a4350084b6a8ce4b25af3bbf224c9b387ed7736c7f5465ca97c40454f6c5506d4f3d390f3271fb709de1a3094170aa057004d597fda
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext