General
Target: 3c3b45e6d6265197ba3924d89a6a824e31918e48df05a21c130ac9921d3f27a9
Size: 472KB
Sample: 220520-2zgjfagcd6
MD5: 1864a8d42ebe62b33c86d53e38eb5e68
SHA1: 106e27db39b501be1a1fdbe102aae113e94adb47
SHA256: 3c3b45e6d6265197ba3924d89a6a824e31918e48df05a21c130ac9921d3f27a9
SHA512: 6a83d5b795f135f50f735f20d1c0e3bc719c768337843e441a6d56943a4d5f16ab07ec6cbd39af1f8725cde51d7f262a4627e710731ea64af5a78bf4ecdd10e2
Static task: static1
Behavioral task behavioral1: sample ALWAKRA PROJECT_REF00023#25062018#_DA26.exe, resource win7-20220414-en
Behavioral task behavioral2: sample ALWAKRA PROJECT_REF00023#25062018#_DA26.exe, resource win10v2004-20220414-en
Malware Config
Extracted (the report lists this configuration twice with identical values)
Family: agenttesla
Protocol: smtp
Host: mail.mytravelexplorer.com
Port: 587
Username: [email protected] (address obfuscated in the source page)
Password: 2JWcb}iP#4]+
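The extracted SMTP endpoint is the most actionable artifact in this report: every infected host has to resolve that name and connect to it to exfiltrate. The following is an added detection example (not part of the Triage report and not code from the sample) that resolves the C2 hostname through constructed, Zeek-style dns.log lines and then scores conn.log-style records against the resulting addresses and the configured port. The log layouts, the 10.0.0.x client addresses and the 203.0.113.x / 198.51.100.x resolutions are all constructed for illustration; only the host and port come from the config above.

```python
"""Flag outbound SMTP sessions that match the Agent Tesla config above.

Added example, not from the Triage report. The log formats are constructed,
Zeek-like TSV layouts chosen for illustration:
  dns.log-style:  ts, client, query, answer
  conn.log-style: ts, uid, orig_h, orig_p, resp_h, resp_p, proto, service
"""
from __future__ import annotations

from typing import NamedTuple

# Indicators copied from the report's "Malware Config" section.
C2_HOST = "mail.mytravelexplorer.com"
C2_PORT = 587

# Constructed dns.log-style records. The answers are documentation-range
# addresses invented for this example, not real resolutions of the C2 host.
DNS_LOG = """\
1653012300.100000\t10.0.0.15\tmail.mytravelexplorer.com\t203.0.113.25
1653012300.400000\t10.0.0.22\tmail.mytravelexplorer.com\t203.0.113.26
1653012301.200000\t10.0.0.15\tupdate.example.net\t198.51.100.7
"""

# Constructed conn.log-style records (all addresses and uids invented).
CONN_LOG = """\
1653012302.000000\tCx1\t10.0.0.15\t49812\t203.0.113.25\t587\ttcp\tsmtp
1653012303.000000\tCx2\t10.0.0.15\t49813\t198.51.100.7\t443\ttcp\tssl
1653012304.000000\tCx3\t10.0.0.22\t49950\t203.0.113.26\t587\ttcp\tsmtp
1653012305.000000\tCx4\t10.0.0.15\t49814\t203.0.113.25\t25\ttcp\tsmtp
1653012306.000000\tCx5\t10.0.0.31\t50001\t203.0.113.99\t587\ttcp\tsmtp
"""


class Hit(NamedTuple):
    uid: str
    orig_h: str
    resp_h: str
    resp_p: int
    confidence: str  # "high": C2 address and port; "medium": C2 address, other port


def resolve_c2_ips(dns_log: str, host: str) -> set[str]:
    """Collect every address the C2 hostname resolved to in the DNS log.

    Matching on the name rather than a hard-coded IP matters because the
    config only carries the hostname and the operator can re-point it.
    """
    ips: set[str] = set()
    for line in dns_log.splitlines():
        if not line.strip():
            continue
        _ts, _client, query, answer = line.split("\t")
        if query.lower().rstrip(".") == host.lower():
            ips.add(answer)
    return ips


def find_exfil_sessions(conn_log: str, c2_ips: set[str], c2_port: int) -> list[Hit]:
    """Match connection records against the resolved C2 addresses.

    A session to a C2 address on the configured port is a high-confidence hit.
    The same address on another port is still worth review (medium), since a
    mail host commonly listens on 25, 465 and 587 and a variant may use another
    of them. Traffic to unrelated addresses on 587 (Cx5) is deliberately not
    flagged: port alone is not an indicator.
    """
    hits: list[Hit] = []
    for line in conn_log.splitlines():
        if not line.strip():
            continue
        _ts, uid, orig_h, _orig_p, resp_h, resp_p, _proto, _service = line.split("\t")
        if resp_h not in c2_ips:
            continue
        port = int(resp_p)
        confidence = "high" if port == c2_port else "medium"
        hits.append(Hit(uid, orig_h, resp_h, port, confidence))
    return hits


def infected_hosts(hits: list[Hit]) -> set[str]:
    """Internal hosts with a high-confidence hit: isolate and image these first."""
    return {h.orig_h for h in hits if h.confidence == "high"}


if __name__ == "__main__":
    ips = resolve_c2_ips(DNS_LOG, C2_HOST)
    hits = find_exfil_sessions(CONN_LOG, ips, C2_PORT)
    for hit in hits:
        print(hit)
    print("isolate:", sorted(infected_hosts(hits)))
```

Port 587 normally means submission with STARTTLS: after the EHLO/STARTTLS exchange the AUTH and the message bodies travel encrypted, so the username and password in the config will not be visible in a packet capture, and the DNS lookup plus the destination tuple are what network telemetry can give you. The credentials are still worth acting on out of band, because that mailbox is where the stolen data lands and its owner or provider can suspend it.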
Targets
Target: ALWAKRA PROJECT_REF00023#25062018#_DA26.exe
Size: 563KB
MD5: b42a75b9f278b66aeb068ef55e6cdd12
SHA1: 084821e1939d389f6a09bb1fb7211b770b6ebf5e
SHA256: a0b5afcab56631d737decbb0378a3aa681f0d053fba8b829a039b452c0be79ed
SHA512: 00cbfe260a158bfbba14a0aa9fb47cc316899416cf9dcc9c6082e773390a470d639f83946ba1ff9bf39d9d9dfe0478bcf6a27c8fb2ca99ae31370cd0e47e708c
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer; early versions were written in Visual Basic .NET.
AgentTesla Payload
Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
Accesses Microsoft Outlook profiles: the profile keys hold saved mail account settings and credentials, which is what a stealer reads them for.
Suspicious use of SetThreadContext: a common building block of process hollowing, where a payload is written into a suspended process and the main thread's context is rewritten so it starts at the injected code.