General
Target: 361aa4f9f0056d10c7a9fe68c5d14e06f534d01c25631310efa3ad767aba02ca
Size: 416KB
Sample: 220520-2znyhsbcck
MD5: b4ccb5ce36078ef1e1229bb8b062f25b
SHA1: 6f10a375a9994d9e082a43c0db37a0198288eb05
SHA256: 361aa4f9f0056d10c7a9fe68c5d14e06f534d01c25631310efa3ad767aba02ca
SHA512: 6999530a9bb1227a7e12c5b618314eff49595d80a1604d1924bbaeba4f52cd7df393527c81342f69711012f08812ddd97ed38408bd5a78a68e8dc02fdbe7e8a7
Static task: static1
Behavioral task: behavioral1
  Sample: PO Bailey Trading.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: PO Bailey Trading.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.pierreinsurancebrokers.com
Port: 587
Username: [email protected]
Password: advisor@1234
Targets
Target: PO Bailey Trading.exe
Size: 482KB
MD5: 2c4badcf417f3eb10daa56faf8931e51
SHA1: 03a1693629b4b1b5b10380383549016fed01a418
SHA256: 34b139e4a330ce4ae1572f70947218d40d0cf00864bc23ed41d02648966344db
SHA512: d622708afcd7e7458846a1143ecf2a444ec7722c4f3e5b0a6bf436383a235d446c4db726129998fd1a3d07f1393bfb1f8da978de01a2d0adc2560c4107a6b69e
Signatures
AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Checks computer location settings
  Looks up the country code configured in the registry, likely used as a geofence check.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext