General
Target: 674ff8b627f6d0e5c294518e5272a82230099a74dd87466941233f5091f05666
Size: 391KB
Sample: 220520-2ykjpsgca2
MD5: d7473bd45be889d5eddcdd994ac84216
SHA1: eb69cfff1b8d678be89cd26dcf364abd294fe0f0
SHA256: 674ff8b627f6d0e5c294518e5272a82230099a74dd87466941233f5091f05666
SHA512: d9b33ad31e4f286a94b9c75628b07e2a606007794f27735b45699c8abdfa07f47aff3a57f35de3293a670b85935f74834cedae543a9edda0e0bf526210439045
Static task: static1
Behavioral task: behavioral1
Sample: YOKOHAMA TYRE VIETNAM INC RFQ_PDF.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: YOKOHAMA TYRE VIETNAM INC RFQ_PDF.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp - Host: mail.greebals.gr - Port: 587 - Username: [email protected] - Password: g#BE=fpMXx@B
Targets
Target: YOKOHAMA TYRE VIETNAM INC RFQ_PDF.exe
Size: 438KB
MD5: 1fb477f037a5781626e07de476928154
SHA1: d73e53aba93e68cd66c9f68bdce0d1a61d8e7cfe
SHA256: cdbac6d4c4c6c722cf135d95f1c0e3d818dc660039ff4ad802c8ce4cc0f7145b
SHA512: 60d41f5b320d3f29f89b163ebb70e4b06301d0ea6906acafb99e413258fe4d0976580f3f393f10f15590ba30b47edcf6c963163c62e91a02d300a73c6036517c
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext