General
Target: 14acd083f99338fa01e03dcfdb2f0b5a41f577a9f602335762b0781b5699c6a9
Size: 381KB
Sample: 220520-2r3rpsahen
MD5: 0a852a819c15dc1f9b455cda7f1c0d0f
SHA1: 347cccc64318603d680c7a02ec0c3298fe923503
SHA256: 14acd083f99338fa01e03dcfdb2f0b5a41f577a9f602335762b0781b5699c6a9
SHA512: e8b5fedba879db09796226dbcd1bbfb0316984a9f884e635ebd5a28c35059c392f06d0f78529534a8052788b01c23f65d0f09a2f197e26951e0a69411e08319d
Static task: static1
Behavioral task: behavioral1
Sample: Price Inquiry OF 2005218KOLLIPHOR SLS FINE - MA200101.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Price Inquiry OF 2005218KOLLIPHOR SLS FINE - MA200101.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: [email protected]
Password: !4U9j9yMSn=G
Targets
Target: Price Inquiry OF 2005218KOLLIPHOR SLS FINE - MA200101.exe
Size: 501KB
MD5: 3929a2e6962d39a0084b680386c3ffc9
SHA1: 22a1b6bd8996f78c7a7a05afe671198abec94a3c
SHA256: 3fc3fb7bfc4691907a80f689bd914ef1331e8d2a43585a377e18cfdd199e7fdb
SHA512: 2970277dc3e57bba1beb61cbb7f921c2aeb5178b22446ab801e87be2b8a71840b4886c9717e8596868c764a9dfe9c83c95856a4fd8c9c9069373c39d856f6eea

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

AgentTesla Payload

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext