General
Target: acad4fd5077e242f39b87b8768e78b4bca82d68ad8e9f7abfca4b8b6131d8ba8
Size: 516KB
Sample: 220520-31exnshgh7
MD5: 85c43822ec35b6fb613b8a4e6d013c42
SHA1: c71a2e4bbf7d88e7119a3a24e83ab316ef944ee5
SHA256: acad4fd5077e242f39b87b8768e78b4bca82d68ad8e9f7abfca4b8b6131d8ba8
SHA512: 9dd59add32ae1fe66dda40640dd2d1ddf3a2d9ecfdd6e4af8e057b4c829a6b51b6c9ffefabab85b053f7ed5105c0d5f8524ad2c77eb01e23a346911f26dbd3ae
Static task: static1
Behavioral task: behavioral1
  Sample: JOB_APPLICATION.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: JOB_APPLICATION.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: smtp.yandex.com
  Port: 587
  Username: [email protected]
  Password: elchapo
Extracted: agenttesla
  Protocol: smtp
  Host: smtp.yandex.com
  Port: 587
  Username: [email protected]
  Password: elchapo
Targets
Target: JOB_APPLICATION.exe
Size: 454KB
MD5: 67556a9ec93eb4e858d667ad1d17a70e
SHA1: bcfd5fd4a4922dfcd282f820905fb9566f0af715
SHA256: a0ef424407ec036182e8c88177b6178d6eaa04f2ec01026016df1660034aadca
SHA512: 3fe2eb52e6234618c2f1275420ce0b0ec4d7f04cd9275b67dd296a8b6c98a510c1ba36ebf48f89f5bfdfc9f15779df4facebefa79f7f87ec108955604420f1df
Signatures
AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Checks computer location settings
  Looks up the country code configured in the registry, likely used for geofencing.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext