General
Target: aa96d025275b7cc2b3404ee552911338e6381ff561727fb968839ef76d185304
Size: 431KB
Sample: 220520-3anf5abebj
MD5: fed45671bab229146a7730f30c6691d6
SHA1: 717f3d8feb814f304ae3dc4ae9d1dcc4be8b04d9
SHA256: aa96d025275b7cc2b3404ee552911338e6381ff561727fb968839ef76d185304
SHA512: c0c003fe2619546b26e0967e2760728ab1c4ac4e3d96be7ba517f188a2910dabb6bd70a3854552d89082559d6a15873179cc4e8130728b2179eba5a6851232d5
Static task: static1
Behavioral task: behavioral1
  Sample: Request for Quotation-0255505.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Request for Quotation-0255505.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.imp-powers.com
Port: 587
Username: [email protected]
Password: AHZlkhbJ1
Targets
Target: Request for Quotation-0255505.exe
Size: 487KB
MD5: 7da04563d7f603d2b055d7aab387acb5
SHA1: bc5525da0e0460773bda9d2680069b19ed3de4db
SHA256: 68e18767c36dde652b11efd72f55423a4dcaab693e29bc3af54f9805e80ca030
SHA512: 66fee23edad8bc3932e65dc1ae974bae1222d5f7a0a4909c7fa9b932aeb8b46a3b17c5a860e478106e3fa2d3282ba4173cd88dc2ad4d7c765195ea6b703af536
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext