General
Target: 722bf3ff7bc3c92557e9bcb4c18288f20a2cd216a73f2cd02d2d56762539b6d3
Size: 418KB
Sample: 220520-2x8j5sgbg9
MD5: b3c972dd301adae104e4af9f71c5f5b8
SHA1: e9769f9c7c1002c6d36a197b650dfc33d688cbe7
SHA256: 722bf3ff7bc3c92557e9bcb4c18288f20a2cd216a73f2cd02d2d56762539b6d3
SHA512: 7e41c1ec4d67c09079c5f8c88800bb78f9b540c100d392e28f90af6c3779805d0cf73d3ea4a9a052a8c245b2e0f1e3eea36c886159bc569a1861b1646fe6a1e6
Static task: static1
Behavioral task: behavioral1
  Sample: PO Bailey Trading.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: PO Bailey Trading.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: mail.pierreinsurancebrokers.com
  Port: 587
  Username: [email protected]
  Password: advisor@1234
Targets
Target: PO Bailey Trading.exe
Size: 484KB
MD5: f4153511fd79fc1031ea918450ef68a0
SHA1: 713ed1eb2980acb97019d5f4275a2b3477ac90ab
SHA256: 28ca291710350df3febca37de27eacf938b42f60d61d10c059134fa1e1e859ea
SHA512: 12e0c8d6fc0bca634885360034768e3bc5a705db4fb5607a1869f0edd5c481245b9de94fd82ee3959334ab394c7c91c0fdb22aefb1b5ac95918b13e33a98ab61
Signatures
AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext