General
Target: 85759a08474216312dcb74e132817fe353f20631c854e3ccd95c97036590e7e1
Size: 495KB
Sample: 220520-2xks3sgbe7
MD5: 93c1c1f2ac36958f6f96f3107e94a5d4
SHA1: 86fc690a631eb604d3da1170143e115b680b8cd4
SHA256: 85759a08474216312dcb74e132817fe353f20631c854e3ccd95c97036590e7e1
SHA512: 9f0f32c7454b2a7613e6a769774305bdcada3743658b1a78a8c1bc4e16b403e32598f09683f800aa2ce8e54d1a4f3218b510f0fa45bca9f2d2006ae8f987c9b8
Static task: static1
Behavioral task: behavioral1
  Sample: NEW INVOICE.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: NEW INVOICE.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.proetizo.com
Port: 587
Username: [email protected]
Password: :n7#l_CcH8wh
Targets
Target: NEW INVOICE.exe
Size: 561KB
MD5: 55b95046471af229ee99c420a9305466
SHA1: 5722d102e4010564f2428ed878c58a8a6a865e45
SHA256: f63a89559c83329e8ea8f79ad5cbd03d3ae2f5a71312f26feecc132379c14eab
SHA512: 8eddf9d88a340fc70201fc6c2dd4b9ac9cf4523e0de24404ed2fe7ca98a832d4a30786ce82234829a2ef93d85ac83547829660cb121b0a19a7ca26af6dba9e69
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext