General
Target: 525fdd437e7f3f98ca7d3a1c4d7b3a38a7f8b8b7ca606ae82eeadb589fac3261
Size: 1.2MB
Sample: 220520-3crassbfal
MD5: 2776fcbaced04e7565f78814f542e7f6
SHA1: d0916e62a87367f7a5e6bf04bf6bd47dbf46a34b
SHA256: 525fdd437e7f3f98ca7d3a1c4d7b3a38a7f8b8b7ca606ae82eeadb589fac3261
SHA512: a8d7e521ea414427d36e3da4f3224f8ae0b4f3ef282e6e3a3a8d5bf2b0a1763266a4b455a89cba4653faf18909feb99b332715dd9eb1f005a1f1b4b11f00b619
Static task: static1

Behavioral task: behavioral1
Sample: NOWE_ZAM.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: NOWE_ZAM.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.orientalkuwait.com
Port: 587
Username: [email protected]
Password: Operatingmanager1&
Targets
Target: NOWE_ZAM.EXE
Size: 452KB
MD5: 23a1aa353479c7c8a07aedbe1b950b6a
SHA1: c041fd8d5048047b691e75e8e1aa17c874f1301d
SHA256: 9b0d39708bcfd75540afcabb66f163d266f29d6b8afd591b7aa242726d7fdd98
SHA512: 191c91093ec59a6892066a2c8d515627cb1e4bdb1cabce1de44833e10da943993e6a61a598afb8255e45fc4e3d36fd7a34331c09ac213d216975c22bf55412d7
Signatures
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext