General
-
Target
69ea69de6541a1a40ff85ae577610994e033eecf94ba61534ef6e385b501cd05
-
Size
445KB
-
Sample
220520-2yg4ksgbh7
-
MD5
1581b4fd1e164b3799efb16a005f9503
-
SHA1
a4eeac8501d36ceb534f84443015bdaae6735364
-
SHA256
69ea69de6541a1a40ff85ae577610994e033eecf94ba61534ef6e385b501cd05
-
SHA512
3a98743946d8f214f8b1f2ef1380ba63ed8340ea30e4d13bb44e068ea56a25610e681f66e971f3f050091a567200f63bcecb3f5e7cecedcc6868460a583ed218
Static task
static1
Behavioral task
behavioral1
Sample
ADNOC RFQ 978002410.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
ADNOC RFQ 978002410.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.gli-bar.com - Port:
587 - Username:
[email protected] - Password:
JXYO)o%bT9
Targets
-
-
Target
ADNOC RFQ 978002410.exe
-
Size
634KB
-
MD5
22db07a4d3400761611d04f57c278a2b
-
SHA1
c44c29dcc0c2b6c5a5b7efebff49cf0aff2e12a9
-
SHA256
5687a70d9a3b50048bd1ff2a2dde050a6308dd23e1bbd0e2fb8efa4b5228ca09
-
SHA512
0c1b546267372142fad6d6c71251fa446d5fac717cb98c468291f1f8f26a691d5b1876fcd56c0b4a9d9b50d2a31451adf2285a2290bf71b6cbf4b524ad6dbf30
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-